Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

03-15-2007, 07:36 AM
#1
LQ Newbie
Registered: Sep 2005
Location: Warsaw, Poland
Distribution: OpenSuse
Posts: 2
How to import ssh_host_dsa_key.pub to known_hosts file?
Hello All,
I have a problem importing a foreign server's DSA key (ssh_host_dsa_key.pub) into my known_hosts file. I set up my ssh config to allow connections only to known hosts by setting:
StrictHostKeyChecking yes
in the config file, but I do not know how to add ssh_host_dsa_key.pub to the known_hosts file. I tried to do this directly (using: cat ssh_host_dsa_key.pub >> /etc/ssh/know_hosts) but it is not working. If I change the StrictHostKeyChecking value to ask and copy it from my .ssh/know_host file, it works, but the key inside known_hosts is different from the server's public key. How can I convert ssh_host_dsa_key.pub to the format accepted by the know_host file? I found information on the internet that:
(..)
- The first field is the hostname, i.e. the SSH server. The IP address is also listed - a number of comma separated hostnames and IP addresses can be listed.
- The second field is the applicable public key algorithm -"ssh-rsa" (for RSA key pairs) or "ssh-dss" (for DSA key pairs).
- The third field is the public key encoded using base 64.
(..)
but I cannot find out how to do this. I cannot make an ssh connection and then copy the newly created key from the local known_host file due to securetty reason. Could you help me, please?
PS
# ssh -V
OpenSSH_4.2p1, OpenSSL 0.9.7g 11 Apr 2005
Last edited by nemezis_at; 03-15-2007 at 08:42 AM.

03-16-2007, 03:47 PM
#2
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
I'm missing something. If you do an ssh to the host in question from the host where you want it added to the known_host it should prompt you to add the key automatically.
Are you sure you want "known" hosts rather than "trusted" hosts?

03-19-2007, 10:56 AM
#3
LQ Newbie
Registered: Sep 2005
Location: Warsaw, Poland
Distribution: OpenSuse
Posts: 2
Original Poster
Quote:
Originally Posted by jlightner
I'm missing something. If you do an ssh to the host in question from the host where you want it added to the known_host it should prompt you to add the key automatically.

Hi,
If you set the parameter "StrictHostKeyChecking yes" you will be able to connect only to hosts present in the known_host file. So you must add the target host's public key to the know host file first. With RSA 1 and RSA 2 there is no problem (just copy it and add the host name or IP at the beginning), but a DSA key needs to be converted (I do not know how to do it).

03-19-2007, 11:57 AM
#4
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
You don't need to "convert". You may need another key for dsa is all.
On the host you want to be "known" check to be sure it has the id_dsa and id_dsa.pub for the user. If not you can run "ssh-keygen -t dsa". This creates both a private (id_dsa) key file and a public (id_dsa.pub) key file. You just copy the contents of the id_dsa.pub from that host to the known_hosts file on your other server.
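
The known_hosts line format quoted in the first post, applied to a copied ssh_host_dsa_key.pub, as an added example that is not part of any post in this thread: the .pub file already holds the key type and the base64 key, so only the host list has to be prepended. The helper name `known_hosts_line`, the host name, the address and the key data are constructed for illustration.

```sh
#!/bin/sh
# known_hosts_line HOSTS PUBKEY_FILE   (hypothetical helper, added example)
#   HOSTS        comma-separated names/IPs, e.g. "server.example.org,192.0.2.10"
#   PUBKEY_FILE  copy of the server's ssh_host_dsa_key.pub (or its RSA 2 one)
# Prints "HOSTS keytype base64key"; returns non-zero on malformed input.
known_hosts_line() {
    hosts=$1 pubfile=$2 keytype= blob=
    # Field 1 must be a single token of plain names/addresses.
    case $hosts in
        ''|,*|*,|*,,*|*[!A-Za-z0-9.,:_-]*)
            echo "bad host list: $hosts" >&2; return 1 ;;
    esac
    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }
    # A .pub file is "keytype base64 [comment]"; the comment is dropped.
    read -r keytype blob _comment < "$pubfile" || :
    # The key blob begins with the length-prefixed algorithm name, so its
    # first base64 characters are fixed for each key type. A mismatch means
    # the file is damaged or is not a protocol 2 public key.
    case $keytype in
        ssh-dss) prefix=AAAAB3NzaC1kc3M ;;
        ssh-rsa) prefix=AAAAB3NzaC1yc2E ;;
        *) echo "unsupported key type: $keytype" >&2; return 1 ;;
    esac
    case $blob in
        "$prefix"*) ;;
        *) echo "key data does not match $keytype" >&2; return 1 ;;
    esac
    printf '%s %s %s\n' "$hosts" "$keytype" "$blob"
}

# Constructed sample, not a real key: only the fixed prefix is genuine.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
echo 'ssh-dss AAAAB3NzaC1kc3MAAACBAConstructedSampleNotARealKey root@server' > "$sample"

# Append the printed line to ~/.ssh/known_hosts (per user) or to
# /etc/ssh/ssh_known_hosts (system-wide).
known_hosts_line 'server.example.org,192.0.2.10' "$sample"
```

Running `ssh-keygen -l -f ssh_host_dsa_key.pub` on the server and on the copied file and comparing the fingerprints confirms the file was not altered in transit.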