[SOLVED] Difference between .ssh/known_hosts and .ssh/authorized_keys
Hello everyone!
I am trying to access a server "saturn" from my machine "mars", using the ssh protocol. In fact, I am running a script from saturn on mars, and the script contains a line:
ssh root@mars.org.com
To enable a password-less login for root on mars from saturn, I generated my rsa keys on saturn and now want to append them to the /.ssh/authorized_keys file on mars. But no such file exists.
But there (on mars) exists a file named known_hosts, and I am not sure how it works!
What's the difference between the authorized_keys and known_hosts files? How do I use known_hosts if no authorized_keys exists?
Thanks in advance!
Thanks for your reply. Although I am aware of the process to add keys to the authorized_keys file, the question is, what is the "known_hosts" file doing there? As I can see some encrypted keys inside that known_hosts file, and I think those keys belong to different hosts who connect on "saturn" without a password.
So is there any difference between appending ssh keys to authorized_keys and known_hosts? What difference does it make? Will adding ssh keys to known_hosts work the same as authorized_keys does? Please explain, anybody. Thanks a lot.
/.ssh/known_hosts file is a local user database. This is used for server authentication. The client checks this file for the remote machine's entry to authenticate the server as a host that has connected to the server before.
So to answer your question, no, you don't add keys to the known host file, just to the authorized_keys file; it will make a difference. The difference it makes is ssh via keys won't work lol.
It stores the fingerprint of the servers you connect to, from that client machine.
So if you connect to a server you have previously visited and the fingerprint is different, you get warned that it could be a different machine or the ssh server has been altered and may not be "trustworthy" any more.
Alright! The exact situation is, many other users also run their scripts from their local systems on the remote server, i.e. saturn, & they also connect to the server through ssh password-less login. So if there's no authorized_keys file existing, then how are others using ssh over there & connecting to that server without supplying a password? I think they are somewhere using the known_hosts file... ain't they? However, I just want to understand what others are doing, so it would make my work a little easy rather than creating an authorized_keys file.
If the earlier explanation did not do it for you....
The user can manipulate the authorized_keys file to set up authentication by keys. The known_hosts file is NOT for the user to administrate, the application populates it for you. The only time you need to access it might be to remove a record when the signature of a host has changed.
For authorized_keys you can add records, never remove records except to disallow a connection. For known_hosts you never add a record directly, and only remove one to enable a changed connection.
If you need more detail than that, I suggest you search out and read the OpenSSH documentation.
BTW: I prefer to test access with password first, then use ssh-copy-id to populate the remote authorized_keys file with proper permissions etc in a single step.
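Added example (not part of any post in this thread): a Python check for the mix-up discussed above, flagging user-key lines that ended up in known_hosts and host entries that ended up in authorized_keys by looking at each line's format. The key blobs, the host saturn.org.com and the address 192.0.2.10 are constructed placeholders, and the option and key-type lists are assumed subsets.

```python
import base64, shlex, struct

KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}
# A few authorized_keys option names from sshd(8), lower-cased.
OPTIONS = {"command", "environment", "from", "no-pty", "permitopen", "restrict"}

def blob_type(b64):
    """Key type name stored at the start of a base64 public-key blob."""
    try:
        raw = base64.b64decode(b64, validate=True)
        return raw[4:4 + struct.unpack(">I", raw[:4])[0]].decode("ascii")
    except Exception:
        return None

def classify(line):
    """'skip', 'user_key' ([options] type blob), 'host_key' (hosts type blob) or 'invalid'."""
    line = line.strip()
    if not line or line.startswith("#"):
        return "skip"
    try:
        tok = shlex.split(line)  # keeps quoted option values in one token
    except ValueError:
        return "invalid"
    marker = tok[0] in ("@cert-authority", "@revoked")  # known_hosts only
    tok = tok[1:] if marker else tok
    idx = next((i for i, t in enumerate(tok) if t in KEY_TYPES), None)
    if idx is None or idx > 1 or blob_type("".join(tok[idx + 1:idx + 2])) != tok[idx]:
        return "invalid"
    opts = idx == 0 or tok[0].split(",")[0].split("=")[0].lower() in OPTIONS
    return ("invalid" if marker else "user_key") if opts else "host_key"

def misplaced(text, kind):
    """(line number, form) of lines that do not belong in this kind of file."""
    want = {"authorized_keys": "user_key", "known_hosts": "host_key"}[kind]
    return [(n, c) for n, l in enumerate(text.splitlines(), 1)
            if (c := classify(l)) not in ("skip", want)]

def fake_blob(keytype):
    """Constructed placeholder with a valid type header; not a usable key."""
    t = keytype.encode()
    return base64.b64encode(struct.pack(">I", len(t)) + t + bytes(32)).decode()

# Constructed samples: each file's last line is in the other file's form.
KNOWN_HOSTS = (f"mars.org.com,192.0.2.10 ssh-ed25519 {fake_blob('ssh-ed25519')}\n"
               f"ssh-rsa {fake_blob('ssh-rsa')} root@saturn\n")
AUTHORIZED_KEYS = (f'from="saturn.org.com",no-pty ssh-rsa {fake_blob("ssh-rsa")} me\n'
                   f"mars.org.com ssh-ed25519 {fake_blob('ssh-ed25519')}\n")

if __name__ == "__main__":
    print(misplaced(KNOWN_HOSTS, "known_hosts"), misplaced(AUTHORIZED_KEYS, "authorized_keys"))
```

To check real files, pass their contents, for example `misplaced(open(path).read(), "authorized_keys")`.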
Well, I've got something interesting on the Internet. There're two types of authentication:-
1. Key pairs and host-based authentication:- The method as discussed above. Generate rsa keys & add them to authorized_keys...
2. Host-Based authentication:- In trusted-host authentication, the SSH server does not directly authenticate a user based on something he knows or has (e.g. password or private key). Rather, it authenticates the client host, and then trusts that host to say who the user is (i.e., which client-side account he has already been authenticated to use). It then consults server-side configuration to determine which account names on the client host are allowed access to which server accounts. ~/.ssh/known_hosts files contain host public keys for all known hosts.
I think it would be better to go with authorized_keys, rather than any host based authentication.
I will give it a try & let you know in case of any problem.
Thanks everyone for your responses!