VIO Server 3.1.0 and ssh host keys
After installing VIO Server v3.1.0 I noticed that the ssh host keys are included in the mksysb image, and therefore unless you delete them and recreate them, all your VIO Servers will have the same host keys. So unless you change them, I also have the same host keys that you have.
This may or may not be a security concern to you, but I would prefer each of my VIO Servers to have unique host keys. I believe it is best practice, for security's sake, for every server to have a unique SSH host key.
# /usr/ios/cli/ioscli ioslevel
3.1.0.00
SSH Host Keys
By default, the install just uses the SSH host keys already in the mksysb image.
# cd /etc/ssh
# ls -l ssh_host*
-rw------- 1 root system 668 19 Oct 06:49 ssh_host_dsa_key
-rw-r--r-- 1 root system 590 19 Oct 06:49 ssh_host_dsa_key.pub
-rw------- 1 root system 227 19 Oct 06:49 ssh_host_ecdsa_key
-rw-r--r-- 1 root system 162 19 Oct 06:49 ssh_host_ecdsa_key.pub
-rw------- 1 root system 387 19 Oct 06:49 ssh_host_ed25519_key
-rw-r--r-- 1 root system 82 19 Oct 06:49 ssh_host_ed25519_key.pub
-rw------- 1 root system 1679 19 Oct 06:49 ssh_host_rsa_key
-rw-r--r-- 1 root system 382 19 Oct 06:49 ssh_host_rsa_key.pub
Let's take a look at one of those keys.
Does the public key look exactly the same as the one on your VIO Server?
# cat ssh_host_rsa_key.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEpdzANZeF9ul8KOENb6FO/Iu4CznbO49jaBhS8vFRtwwT/
0Y+VoSCIPc/BVPGUYzdu1e27Y4kTt1cFhQgxOsXaARgQMplYJ5F8UciiJSTujVQzQbJhYMk6VISmdEQ/HINIG
SeI+hyIQZ9fnAlo0HrjVzIK0EPVKVV5Wsu63CtA3PhE4ONr10BZBkUzwV0+7KFOecQ0KjDchHJeM1GeqVrqWO
hqKTy36Zg8bXsCgwfPPKh6JZGuimPrQ9CTvhBGXyNEw2USO1Z4lXtbc+z7aFdGtmamkvWE2cFD190uaQoqK9o
Yj7VuhCD/5J0WnkOdjpyQ73LBhTxsugRFb2wcejP
To Fix This.
# rm /etc/ssh/ssh_host*
# ssh-keygen -P '' -t rsa -f /etc/ssh/ssh_host_rsa_key
If you want to do all 4 sets:
/usr/bin/ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ''
/usr/bin/ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ''
/usr/bin/ssh-keygen -t ecdsa -f /etc/ssh/ssh_host_ecdsa_key -N ''
/usr/bin/ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''