Old 03-15-2007, 07:36 AM   #1
nemezis_at
How to import ssh_host_dsa_key.pub to known_hosts file?


Hello All,

I have a problem importing a foreign server's DSA key (ssh_host_dsa_key.pub) into my known_hosts file. I set up my ssh config to allow connections only to known hosts by setting:
StrictHostKeyChecking yes
in the config file, but I do not know how to add ssh_host_dsa_key.pub to the known_hosts file. I tried to do this directly (using: cat ssh_host_dsa_key.pub >> /etc/ssh/know_hosts) but it is not working. If I change the StrictHostKeyChecking value to ask and copy it from my .ssh/known_hosts file, it works, but the key inside known_hosts is different from the server's public key. How can I convert ssh_host_dsa_key.pub to the format accepted by the known_hosts file? I found the following information on the internet:
(..)
  • The first field is the hostname, i.e. the SSH server. The IP address is also listed - a number of comma separated hostnames and IP addresses can be listed.
  • The second field is the applicable public key algorithm -"ssh-rsa" (for RSA key pairs) or "ssh-dss" (for DSA key pairs).
  • The third field is the public key encoded using base 64.

(..)

but I cannot find how to do this. I cannot make an ssh connection and then copy the newly created key from the local known_hosts file due to a securetty reason. Could you help me, please?

PS
# ssh -V
OpenSSH_4.2p1, OpenSSL 0.9.7g 11 Apr 2005

Last edited by nemezis_at; 03-15-2007 at 08:42 AM.
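
The known_hosts line format quoted in the post above, shown as an added example that is not part of the original thread: it prefixes a host key `.pub` file with the host names and checks that the key blob really carries the algorithm named on the line. The function names, the host name and IP, and the key blob are constructed for illustration.

```shell
#!/bin/sh
# A host key .pub file holds:   <keytype> <base64-blob> [comment]
# A known_hosts line holds:     <host[,ip...]> <keytype> <base64-blob>

# blob_type B64: print the algorithm name stored inside the key blob.
# The blob starts with a 4-byte big-endian length followed by that name.
blob_type() {
    len=$(printf '%s' "$1" | base64 -d 2>/dev/null | od -An -N4 -tu1 |
          awk 'NF==4 {print $1*16777216 + $2*65536 + $3*256 + $4}')
    [ -n "$len" ] && [ "$len" -gt 0 ] && [ "$len" -le 64 ] || return 1
    printf '%s' "$1" | base64 -d 2>/dev/null | tail -c +5 | head -c "$len"
}

# known_hosts_line HOSTS PUBFILE: print "HOSTS keytype base64".
known_hosts_line() {
    hosts=$1 ktype='' blob=''
    read -r ktype blob _comment < "$2" || [ -n "$ktype" ] || return 1
    case $hosts in ''|*[!A-Za-z0-9.,:_-]*) return 2 ;; esac  # no spaces or odd chars
    case $ktype in ssh-rsa|ssh-dss) ;; *) return 3 ;; esac   # types named in the post
    [ "$(blob_type "$blob")" = "$ktype" ] || return 4        # blob must match its label
    printf '%s %s %s\n' "$hosts" "$ktype" "$blob"
}

# has_host_key KNOWN_HOSTS_FILE PUBFILE: succeed if the same key is already listed.
# Compares key type and blob only, so it also works when host names are hashed.
has_host_key() {
    ktype='' blob=''
    read -r ktype blob _comment < "$2" || [ -n "$ktype" ] || return 1
    awk -v t="$ktype" -v b="$blob" \
        '$2 == t && $3 == b {found=1} END {exit !found}' "$1"
}

# Constructed sample: a truncated blob holding only the "ssh-dss" name, not a real key.
tmp=$(mktemp)
printf 'ssh-dss AAAAB3NzaC1kc3MAAAAA root@server\n' > "$tmp"
# Prints the line to append to ~/.ssh/known_hosts or /etc/ssh/ssh_known_hosts.
known_hosts_line 'server.example.com,192.0.2.10' "$tmp"
rm -f "$tmp"
```

Running `has_host_key ~/.ssh/known_hosts ssh_host_dsa_key.pub` shows whether the entry recorded by an earlier connection is the same key as the file copied from the server, or a different host key (for example of another type).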
 
Old 03-16-2007, 03:47 PM   #2
MensaWater
I'm missing something. If you do an ssh to the host in question from the host where you want it added to the known_hosts, it should prompt you to add the key automatically.

Are you sure you want "known" hosts rather than "trusted" hosts?
 
Old 03-19-2007, 10:56 AM   #3
nemezis_at
Quote:
Originally Posted by jlightner
I'm missing something. If you do an ssh to the host in question from the host where you want it added to the known_hosts, it should prompt you to add the key automatically.
Hi,

If you set the parameter "StrictHostKeyChecking yes" you will be able to connect only to hosts present in the known_hosts file. So you must add the target host's public key to the known_hosts file first. With RSA 1 and RSA 2 there is no problem (just copy it and add the host name or IP at the beginning), but with DSA the key needs to be converted (I do not know how to do it).
 
Old 03-19-2007, 11:57 AM   #4
MensaWater
You don't need to "convert". You may need another key for dsa is all.

On the host you want to be "known" check to be sure it has the id_dsa and id_dsa.pub for the user. If not you can run "ssh-keygen -t dsa". This creates both a private (id_dsa) key file and a public (id_dsa.pub) key file. You just copy the contents of the id_dsa.pub from that host to the known_hosts file on your other server.
 
  

