> If I copy the /etc/ssh_host_key file generated on one host to several
> different hosts, their sshd's will still start up and work, and sessions
> between the hosts are still encrypted.

Yes.

> Is there any significance to generating a unique host key file for each
> machine? Is it less secure for all machines to be using the same host key
> file?

Yes, in that:
 1) A compromise of any machine compromises the private key of all of them
 2) If someone manages to divert an incoming call from one of the machines
    to another one, the client sees the same key and can't tell the difference.

But (2) might be just what you want if you have a cluster of machines providing
equivalent services and you are using one of the DNS "hacks" for load-sharing
between them!

-- 
        David Pick
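
An added example, not part of the original message: a small audit that reads a known_hosts file and reports any host key listed under more than one host entry, which is the situation point (2) describes, where a client cannot tell the machines apart. It assumes the current OpenSSH known_hosts line format; the function names and the sample entries are constructed for illustration.

```python
import base64
import hashlib
import struct
from collections import defaultdict


def fingerprint(raw_blob):
    """OpenSSH-style SHA256 fingerprint of a decoded public key blob."""
    digest = hashlib.sha256(raw_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_host_keys(known_hosts_text):
    """Return {fingerprint: [host entries]} for keys listed under 2+ entries."""
    entries_by_key = defaultdict(set)
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @cert-authority/@revoked lines, hashed names.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        names, keytype, blob = fields[:3]
        try:
            raw = base64.b64decode(blob, validate=True)
        except ValueError:
            continue
        # The blob must start with a length-prefixed copy of the key type.
        if not raw.startswith(struct.pack(">I", len(keytype)) + keytype.encode()):
            continue
        # One line is one host entry; "name,ip" aliases stay together.
        entries_by_key[fingerprint(raw)].add(names)
    return {fp: sorted(e) for fp, e in entries_by_key.items() if len(e) > 1}


def _sample_blob(seed):
    """Constructed ssh-ed25519-shaped blob (filler bytes, not a real key)."""
    parts = (b"ssh-ed25519", hashlib.sha256(seed).digest())
    wire = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return base64.b64encode(wire).decode()


# Constructed sample: web1 and web2 were given the same host key.
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    "web1.example.org,192.0.2.11 ssh-ed25519 " + _sample_blob(b"cluster"),
    "web2.example.org ssh-ed25519 " + _sample_blob(b"cluster"),
    "db1.example.org ssh-ed25519 " + _sample_blob(b"db1"),
])
```

Calling `shared_host_keys(SAMPLE)` returns one fingerprint mapped to the web1 and web2 entries; db1, which has its own key, is not reported.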
