ssh - known_hosts handling 1

Status
Not open for further replies.

TSch

Technical User
Jul 12, 2001
557
DE
Hi folks,

I understand that whenever we connect to another machine using ssh the first time an entry is being created in the known_hosts file ...

Now the problem is that after certain changes in the ssh installation the entries won't work anymore so that we have to erase them and reconnect to the machine and manually confirm with "yes".

Having about 40 machines with several users using ssh connections on each machine this means an enormous effort to build up a new known_hosts file on every machine so that every user on every machine (and especially all the scripts we run under crontab as well !!!) will be able to connect to every other machine ...

Any suggestions how we could solve that problem ?

Regards
Thomas
 
The information of the first link brings me to an interesting thought:

Let's say I have to uninstall an old ssh version and want to do a completely new installation of a new ssh version. Is it possible to save the /etc/ssh/ssh_host_key.pub before and just restore it after the new installation or isn't that going to work ?

Regards
Thomas
 
I had a few annoying moments when I had to install from a mksysb! There was some conflict among the ssh keys! So I'm not sure if it would be straightforward for your case!

Regards,
Khalid
 
I guess when you are uninstalling or upgrading openssh the existing host keys are not touched (it "works" in that way with Darren Tucker's openssh distributions for AIX).
Of course it is possible: you can save the current host keys and restore them locally or copy them to any host you wish (e.g. if you have a clustered environment it is a good idea to have the same host keys on all cluster nodes).

The host key pairs usually reside in the openssh config directory and the files are called "ssh_host_*", e.g.:

-rw------- 1 root system 668 Mar 11 2003 ssh_host_dsa_key
-rw-r--r-- 1 root system 598 Mar 11 2003 ssh_host_dsa_key.pub
-rw------- 1 root system 523 Mar 11 2003 ssh_host_key
-rw-r--r-- 1 root system 327 Mar 11 2003 ssh_host_key.pub
-rw------- 1 root system 883 Mar 11 2003 ssh_host_rsa_key
-rw-r--r-- 1 root system 218 Mar 11 2003 ssh_host_rsa_key.pub


Btw., regarding the known hosts file: you as an administrator can maintain a global known_hosts file, which is usually called ssh_known_hosts and resides in the openssh config directory (when a host key is found in that file, it will be used and not be added to the user's ~/.ssh/known_hosts).

When you set "StrictHostKeyChecking no" in ssh_config, then new host keys will automatically be added to ~/.ssh/known_hosts - no prompt for confirmation.
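
One way to build the global ssh_known_hosts file mentioned above from the hosts' own "ssh_host_*" public key files, so that every user and crontab script on a machine gets the same pre-verified entries. This is an added example, not code from the thread; the collection directory layout (one sub-directory per hostname, filled over a trusted channel), the function names and the use of mktemp are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout, one directory per host:
#   <dir>/<hostname>/ssh_host_rsa_key.pub, ssh_host_dsa_key.pub, ...
# The .pub files are copied from each machine's openssh config directory
# over a channel you already trust (console, existing admin access).

# build_known_hosts DIR
# Prints one "hostname keytype base64key" line per valid protocol 2 key.
build_known_hosts() {
    dir=$1
    for pub in "$dir"/*/ssh_host_*key.pub; do
        [ -f "$pub" ] || continue
        host=$(basename "$(dirname "$pub")")
        # Protocol 2 public keys look like "<type> <base64> [comment]".
        # The protocol 1 file (ssh_host_key.pub) starts with a bit count,
        # so it fails the type check and is skipped, as is any garbage.
        awk -v h="$host" '
            NF >= 2 &&
            $1 ~ "^(ssh-|ecdsa-|sk-)[a-z0-9@.-]+$" &&
            $2 ~ "^[A-Za-z0-9+/=]+$" { print h, $1, $2 }' "$pub"
    done | sort -u
}

# install_known_hosts DIR TARGET
# Writes the list to a temp file next to TARGET and renames it into place,
# so clients never read a half-written file. Refuses to install an empty list.
install_known_hosts() {
    tmp=$(mktemp "$2.XXXXXX") || return 1
    build_known_hosts "$1" > "$tmp" && [ -s "$tmp" ] || {
        rm -f "$tmp"
        return 1
    }
    chmod 644 "$tmp" && mv "$tmp" "$2"
}

# Usage (paths are placeholders):
#   install_known_hosts /path/to/collected-keys /path/to/ssh_known_hosts
```

Because entries found in the global file are used instead of being added to ~/.ssh/known_hosts, regenerating and redistributing this one file after a host key change replaces the per-user cleanup on each machine.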
 