Essential Configuration Changes After Cloning a Linux VM: SSH, Hostname, and Network Adjustments



When you clone a Linux virtual machine, you're essentially creating a digital twin with identical configurations. While convenient, this introduces several technical challenges:


# Dangerous artifacts in a cloned VM:
- Duplicate SSH host keys (/etc/ssh/ssh_host_*)
- Identical machine-id (/etc/machine-id)  
- Matching network interface MACs
- Same hostname in /etc/hostname
- Identical LVM/UUIDs (if using storage virtualization)

1. Network Identity Overhaul

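Start by ensuring network identity uniqueness. systemd-networkd derives its default DHCP client identifier from /etc/machine-id, so clones that keep the source's machine-id can be handed the same lease; on legacy systems, the persistent udev rule still pins interface names to the source's MAC address: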


# For modern systems using systemd-networkd:
sudo rm /etc/machine-id
sudo systemd-machine-id-setup

# For legacy systems (RHEL/CentOS 6):
sudo rm -f /etc/udev/rules.d/70-persistent-net.rules
sudo service network restart

2. SSH Key Regeneration

Don't just regenerate host keys - rotate all cryptographic artifacts:


# Comprehensive SSH key rotation:
sudo rm /etc/ssh/ssh_host_*
sudo ssh-keygen -A
sudo systemctl restart sshd

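# Bonus: remove the authorized_keys files inherited from the source.
# This revokes key-based logins under /home, so keep console or password
# access until new keys are installed.
find /home -name authorized_keys -exec rm {} \;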

3. Hostname and Domain Resolution


# Modern Linux systems:
hostnamectl set-hostname new-server-name.domain.com

# Update /etc/hosts (critical for some services) so that it contains this line:
127.0.1.1   new-server-name.domain.com new-server-name

Certificate and Secret Rotation

Any service using SSL/TLS or cryptographic keys needs attention:


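# For web servers: remove the cloned private keys, then reissue certificates
sudo rm /etc/ssl/private/*
# /etc/ssl/certs also holds the system CA trust store on Debian/Ubuntu, so
# delete only this server's own certificate (SERVER_CERT.pem is a placeholder)
sudo rm /etc/ssl/certs/SERVER_CERT.pem

# For database servers (MySQL example):
# mysql_ssl_rsa_setup creates new files only when the existing *.pem files
# are absent from the data directory, so remove the cloned ones first
sudo mysql_ssl_rsa_setup --uid=mysql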

Storage Identifiers

Virtual disks might need UUID updates:


# For LVM systems:
sudo vgchange -an
sudo vgrename OLD_VG_NAME NEW_VG_NAME
sudo vgchange -ay

# Filesystem UUIDs (ext4 example):
sudo tune2fs -U random /dev/sda1

For frequent cloning operations, consider this bash script template:


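#!/bin/bash
# Auto-reconfig for cloned VMs (run as root)
# Usage: <script> NEW_HOSTNAME NEW_DOMAIN
set -euo pipefail

if [ "$#" -ne 2 ]; then
    echo "Usage: $0 NEW_HOSTNAME NEW_DOMAIN" >&2
    exit 1
fi
NEW_HOSTNAME=$1
NEW_DOMAIN=$2

# Network
rm -f /etc/machine-id
systemd-machine-id-setup

# SSH
rm -f /etc/ssh/ssh_host_*
ssh-keygen -A
systemctl restart sshd

# Hostname
hostnamectl set-hostname "${NEW_HOSTNAME}.${NEW_DOMAIN}"
sed -i "s/^127\.0\.1\.1.*/127.0.1.1\t${NEW_HOSTNAME}.${NEW_DOMAIN} ${NEW_HOSTNAME}/" /etc/hosts

# Cleanup (only where cloud-init is installed)
if command -v cloud-init >/dev/null 2>&1; then
    find /var/lib/cloud/instances -type f -exec rm {} \; 2>/dev/null || true
    cloud-init clean
fi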

When cloning a Linux virtual machine, several critical system identifiers remain duplicated from the source machine. These conflicts can cause serious operational issues in networked environments. The most common problem scenarios include:

  • Duplicate MAC addresses causing network collisions
  • Identical SSH host keys triggering security warnings
  • Matching hostnames creating DNS/identification conflicts
  • Potential UUID conflicts for filesystems or devices

Start by verifying and updating network-specific identifiers:

# Check current MAC addresses
ip link show

# For Debian/Ubuntu systems, edit the interface config
nano /etc/network/interfaces
# Replace any hardcoded MAC addresses with:
# hwaddress ether [new_mac]

# For RHEL/CentOS systems:
nano /etc/sysconfig/network-scripts/ifcfg-eth0
# Remove or update HWADDR line

Update the hostname through these steps:

# Immediate change (hostnamectl also writes the new name to /etc/hostname)
hostnamectl set-hostname newhostname.example.com

# Check the persistent files (for Debian/Ubuntu)
nano /etc/hostname
nano /etc/hosts

# For RHEL/CentOS
nano /etc/sysconfig/network

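Critical security step to prevent man-in-the-middle attacks: every clone carries the source's host private keys, so anyone who holds one copy can impersonate the other machines to SSH clients. Give each clone its own keys: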

# Remove existing host keys
rm -v /etc/ssh/ssh_host_*

# Regenerate keys (Debian/Ubuntu)
dpkg-reconfigure openssh-server

# For RHEL/CentOS:
systemctl stop sshd
ssh-keygen -A
systemctl start sshd

For virtual disks that might be mounted simultaneously:

# Check current UUIDs
blkid

# For ext4 filesystems (example):
tune2fs -U random /dev/sda1

# Update /etc/fstab accordingly
nano /etc/fstab

Additional changes depending on installed services:

  • MySQL/MariaDB: mysql_secure_installation and change server UUID
  • PostgreSQL: Regenerate postgresql.conf and cluster data
  • Docker: rm /etc/docker/key.json and restart

Here's a basic script to handle common changes:

#!/bin/bash
# Set new hostname
NEW_HOST="server-$(openssl rand -hex 3)"
hostnamectl set-hostname "$NEW_HOST"

# Regenerate SSH keys and restart sshd so it serves the new ones
rm -f /etc/ssh/ssh_host_*
ssh-keygen -A
systemctl restart sshd

# Generate new machine-id (32 lowercase hex characters)
openssl rand -hex 16 > /etc/machine-id

# Optional: Randomize MAC for primary interface
# (runtime change only; it does not persist across reboots)
INTERFACE=$(ip route | awk '/^default/ {print $5; exit}')
NEW_MAC=$(printf '52:54:00:%02X:%02X:%02X' $((RANDOM%256)) $((RANDOM%256)) $((RANDOM%256)))
ip link set dev "$INTERFACE" down
ip link set dev "$INTERFACE" address "$NEW_MAC"
ip link set dev "$INTERFACE" up
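
Neither script above confirms that the identifiers actually changed. The following check is an added example, not part of the original page: it records the machine-id, hostname and SSH host public keys of the source, then lists whatever a clone still shares with it. The function names, the baseline line format and the sample values are assumptions constructed for this example.

```bash
#!/bin/bash
# Added example, not from the original page: check that a clone no longer shares
# identity material with its source. Baseline line format (an assumption):
#   machine-id <id> / hostname <name> / hostkey <type> <base64>

# record_baseline ROOT: print the identifiers of the system rooted at ROOT
# (pass "" for the live system). Only public keys are read, never private ones.
record_baseline() {
    local root="$1" f val
    for f in machine-id hostname; do
        [ -r "$root/etc/$f" ] || continue
        val=$(tr -d '[:space:]' < "$root/etc/$f")
        if [ -n "$val" ]; then printf '%s %s\n' "$f" "$val"; fi   # skip empty files
    done
    for f in "$root"/etc/ssh/ssh_host_*_key.pub; do
        [ -f "$f" ] || continue
        awk 'NF >= 2 {print "hostkey", $1, $2}' "$f"   # drop the key comment
    done
}

# audit_clone ROOT BASELINE_FILE: print each identifier the clone still has in
# common with the baseline. Returns 1 if any remain, 0 if everything changed.
audit_clone() {
    local shared
    shared=$(record_baseline "$1" | grep -Fxf "$2" || true)
    if [ -n "$shared" ]; then
        printf '%s\n' "$shared"
        return 1
    fi
}

# make_tree DIR MACHINE_ID HOSTNAME PUBKEY: build a constructed /etc tree.
make_tree() {
    mkdir -p "$1/etc/ssh"
    printf '%s\n' "$2" > "$1/etc/machine-id"
    printf '%s\n' "$3" > "$1/etc/hostname"
    printf 'ssh-ed25519 %s root@template\n' "$4" > "$1/etc/ssh/ssh_host_ed25519_key.pub"
}

# Constructed sample: a clone where only the hostname was changed.
demo() {
    local rc=0 t; t=$(mktemp -d)
    make_tree "$t/src"   0123456789abcdef0123456789abcdef template ConstructedSampleKeyA
    make_tree "$t/clone" 0123456789abcdef0123456789abcdef web01    ConstructedSampleKeyA
    record_baseline "$t/src" > "$t/baseline"
    audit_clone "$t/clone" "$t/baseline" || rc=$?
    rm -rf "$t"
    return "$rc"
}
demo || echo "clone still shares the identifiers listed above" >&2
```

On real machines, run record_baseline "" on the source before cloning, copy the output to the clone, and run audit_clone "" against that file after the reconfiguration script has finished.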