Add public key to known_hosts file

I am trying to copy the public key from server A to the known_hosts file on server B. They are both Linux servers. I initially thought about opening a public key file and copying its contents to the known_hosts file, but I suspect this is the wrong method. Does anyone know how to do this correctly?

My public key is in ssh-rsa AADGD...

Can anyone help?

Thanks!

+14
4 answers

I answered an almost identical question on SuperUser a few days ago. Important parts:

  • The format is different
  • Each server has different keys (types) (make sure you insert the one that is actually used)
  • There is ssh-keyscan, which can create the format for you

Otherwise, just prefix your key with the server IP address (you can also add the host name after the decimal point), remove the comment from the end of the line, and you are fine. The format is as follows:

 11.22.33.44 ssh-rsa AADGD... 

And one more note: if you use HashKnownHosts yes (Debian and Ubuntu do), you need to reuse your known_hosts, for example:

 ssh-keygen -Hf ~/.ssh/known_hosts 
+7

Here is how I did it.

  1. Generate the key on the host server, using the command below.

 ssh-keyscan -t rsa <fully qualified server name> 

Command line and output

  2. Now copy the selected partition (in the figure) and add this key to the known_hosts file on the source server. Of course, the location of this file may be different for different environments.
+4

I just encountered this problem; here is how I approached it:

Over time, copying the files mechanically through

 ssh-keyscan server-name >> ~/.ssh/known_hosts 

gave me duplicate entries in .ssh/known_hosts.

Other manual methods required me to create a .ssh directory that does not exist yet, etc.

I decided to just let ssh handle this:

 ssh -o StrictHostKeyChecking=no server-name ls 

The -o StrictHostKeyChecking=no automatically answers yes to

 The authenticity of host 'server-name (12.345.678.900)' can't be established. RSA key fingerprint is XXXXXXX. Are you sure you want to continue connecting (yes/no)? 

message (enter here all warnings about an accidental connection to computers that you do not know).

The ls is just a dummy command that will be executed and cause SSH to disconnect after completion. You can change it to any fluff command that you like.

ssh will take care of creating a .ssh dir (if necessary), adding only one copy of the key, etc.

Platform: macOS 10.14

+2
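Added example, not part of any answer on this page: a POSIX shell sketch of the known_hosts format described in the first answer (host prefix, key type, key data, no comment), with an append step that avoids the duplicate entries mentioned in the answer above. The function names, host name, address and key data are constructed for illustration.

```shell
#!/bin/sh
# make_known_hosts_line HOSTS PUBKEY_LINE
#   HOSTS        host name and/or address, comma-separated
#   PUBKEY_LINE  one line from a host key .pub file: "type base64 [comment]"
# Prints "HOSTS type base64" (comment dropped) or fails on malformed input.
make_known_hosts_line() (
    hosts=$1
    type=$(printf '%s\n' "$2" | awk '{print $1}')
    blob=$(printf '%s\n' "$2" | awk '{print $2}')
    case $type in
        # Key types commonly used for host keys; extend the list if needed.
        ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp*) ;;
        *) echo "unsupported key type: $type" >&2; exit 1 ;;
    esac
    case $blob in
        # Empty, or containing anything outside the base64 alphabet.
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data" >&2; exit 1 ;;
    esac
    printf '%s %s %s\n' "$hosts" "$type" "$blob"
)

# add_known_host FILE LINE
#   Creates the directory and file with owner-only permissions if they are
#   missing, then appends LINE unless an identical line already exists.
add_known_host() (
    umask 077
    mkdir -p "$(dirname "$1")"
    grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >>"$1"
)

# Demo with constructed values (not a real key), in a temporary directory.
demo() (
    tmp=$(mktemp -d)
    pub='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABCONSTRUCTED root@server-a'
    line=$(make_known_hosts_line 'server-a.example.com,11.22.33.44' "$pub") || exit 1
    add_known_host "$tmp/.ssh/known_hosts" "$line"
    add_known_host "$tmp/.ssh/known_hosts" "$line"   # second call adds nothing
    cat "$tmp/.ssh/known_hosts"
    rm -rf "$tmp"
)
demo
```

The duplicate check compares plain-text lines, so it will not recognise an entry that has since been hashed with ssh-keygen -H.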

Assuming you have a file called publickey.pub, do this:

  1. scp publickey.pub to the desired servers
  2. For AWS Ubuntu instances, run sudo /bin/bash -c "cat /$USER_PATH/public_key.pub >> $USER_PATH/.ssh/authorized_keys"
  3. For known_hosts, run sudo /bin/bash -c "cat /$USER_PATH/public_key.pub >> $USER_PATH/.ssh/known_hosts"
  4. SSH test

Note. Be sure to check the format of the public key. The ones I have seen so far start with an encryption algorithm like ssh-rsa.

0

Source: https://habr.com/ru/post/1241054/