

.ssh directory on AIX 5.3

Posted on 2009-07-14
Medium Priority
Last Modified: 2013-11-17
I have a user that does not have the .ssh under his profile.  Is there a way to create it by default and have known_hosts in the .ssh directory?  I do not want to just execute mkdir .ssh and then touch known_hosts.  Is there a better way to create .ssh? I have a few other users; the .ssh was created automatically. Thanks.
Question by:AIX25
LVL 68

Expert Comment

ID: 24853470

nice to meet you!

It's absolutely no problem to create the .ssh subdirectory using mkdir.

Just take care to set its permissions as 700.

The known_hosts file will be created automatically the first time a host key has to be added. If you prefer creating it manually, set permissions as 644.

If you don't want to acknowledge the adding of a host key each time a new host is accessed, you can copy the known_hosts file of another user, if your security policy would allow that.



LVL 68

Expert Comment

ID: 24853507
... if you really, really don't want to use mkdir - ssh-keygen will create the .ssh subdirectory! You must be logged in as the concerned user, or (what I forgot to mention above) - the owner of the newly created .ssh subdirectory must be set to the user in whose home directory it is going to reside, of course.


Author Comment

ID: 24853654
ssh-keygen will create .ssh only?


Author Comment

ID: 24853708
I created .ssh.  Signed out and then signed back in and there is no known_hosts file created? What should I do to resolve this?
LVL 68

Expert Comment

ID: 24853809
Just access a remote host via ssh. You will be prompted to acknowledge the new host key. After having done that, a new known_hosts file will be there, containing just that one key. By accessing more remote hosts, the file will get filled step-by-step.

All permissions and ownership correct?


Author Comment

ID: 24853846
I created a RSA key to connect to the remote server and I get this error:
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /data/db2/db2inst1/.ssh/known_hosts to get rid of this message.
Offending key in /data/db2/db2inst1/.ssh/known_hosts:1
RSA host key for ***.**.**.** has changed and you have requested strict checking.
Host key verification failed.

Because there is no known_hosts file under the .ssh directory, I keep getting this error.  I created the key and copied it to another remote server.  Why isn't .ssh getting created on its own with known_hosts? .ssh got created automatically for my username.
LVL 68

Accepted Solution

woolmilkporc earned 2000 total points
ID: 24853936

you didn't tell me that you use strict hostkey checking. This means that a host key cannot be added "on the fly" to your known_hosts file.
If you must stay with strict checking, you'll have to contact the administrator(s) of any remote host you want to access, and ask them to pass you their hostkey, which you then must add manually to your known_hosts file.

Assuming they sent you a file containing the key named 'host1.key' do the following

- login as the concerned user
- 'cd .ssh'
- 'cat /path/to/host1.key >> known_hosts'
- 'chmod 644 known_hosts'

.ssh got created automatically for you when you ran ssh-keygen.
known_hosts only gets created automatically without strict hostkey checking.

LVL 68

Expert Comment

ID: 24853987
Maybe the man page of ssh_config explains it better:

 If this flag is set to ''yes'', ssh will never automatically add host keys to the ~/.ssh/known_hosts file, and refuses to connect to hosts whose host key has changed. This provides maximum protection against trojan horse attacks, however, can be annoying when the /etc/ssh/ssh_known_hosts file is poorly maintained, or connections to new hosts are frequently made. This option forces the user to manually add all new hosts. If this flag is set to ''no'', ssh will automatically add new host keys to the user known hosts files. If this flag is set to ''ask'', new host keys will be added to the user known host files only after the user has confirmed that is what they really want to do, and ssh will refuse to connect to hosts whose host key has changed. The host keys of known hosts will be verified automatically in all cases. The argument must be ''yes'', ''no'' or ''ask''. The default is ''ask''.


Author Comment

ID: 24854293
I have root access to the remote server.  The concerned user did not have a .ssh directory.  I manually created a .ssh directory and created a known_hosts file.  Where do I get the hostkey from the remote server?
LVL 68

Assisted Solution

woolmilkporc earned 2000 total points
ID: 24854397
The host key consists of a public/private key pair, just as the users' keys do. The default location for the private keys is /etc/ssh.
Their names are ssh_host_key for protocol version 1, and ssh_host_rsa_key and ssh_host_dsa_key for protocol version 2. The public keys have the same names with a suffix '.pub' and are usually left in the same location, but that's not mandatory.
You need one (or all) of the .pub keys, according to protocol version and encryption method.
Transfer the key(s) to your local machine and add them to authorized_keys, as I wrote above.
When using ftp, keep in mind to use 'binary' transfer.
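An added example (not part of this thread or its answers) that carries out the accepted solution's manual step together with the host-key location given in the last comment, in POSIX sh: it creates .ssh with mode 700, builds a proper known_hosts entry from a copied /etc/ssh/ssh_host_rsa_key.pub, and appends it with mode 644. The hostname host1.example and the key material are constructed placeholders; note that a raw .pub file carries no hostname field, so ssh only matches the entry once the name (or IP) you connect to is prepended.

```sh
#!/bin/sh
# Added example, not from the thread. Assumes POSIX sh and that the key
# file is the remote host's raw ssh_host_*_key.pub (transferred in binary mode).

# ensure_ssh_dir HOME_DIR: create HOME_DIR/.ssh with the 700 permissions the thread recommends
ensure_ssh_dir() {
    [ -d "$1/.ssh" ] || mkdir "$1/.ssh" || return 1
    chmod 700 "$1/.ssh"
}

# known_hosts_line HOST PUBFILE: print "HOST keytype base64" from a .pub file.
# HOST must be exactly what will be typed on the ssh command line (name or IP),
# because strict checking only matches entries whose first field equals it.
known_hosts_line() {
    host=$1; pubfile=$2
    set -- $(cat "$pubfile")          # split into: keytype base64 [comment]
    [ -n "$2" ] || return 1           # malformed file: no key blob
    printf '%s %s %s\n' "$host" "$1" "$2"   # the trailing comment is dropped
}

# add_host_key HOME_DIR HOST PUBFILE: install the entry, idempotently
add_host_key() {
    home=$1; host=$2; pubfile=$3
    ensure_ssh_dir "$home" || return 1
    kh="$home/.ssh/known_hosts"
    line=$(known_hosts_line "$host" "$pubfile") || return 1
    touch "$kh" && chmod 644 "$kh"
    # exact line already present -> nothing to do (avoids duplicate entries)
    grep -qxF "$line" "$kh" || printf '%s\n' "$line" >> "$kh"
}

# --- constructed demo data: fake key blob, not a real host key ---
DEMO=$(mktemp -d)
printf 'ssh-rsa AAAAB3NzaC1yc2EFAKEDEMOKEY== root@host1\n' > "$DEMO/host1.key"
add_host_key "$DEMO" "host1.example" "$DEMO/host1.key"
add_host_key "$DEMO" "host1.example" "$DEMO/host1.key"   # second run is a no-op
cat "$DEMO/.ssh/known_hosts"
```

Run it as the user who owns the home directory, or chown .ssh and known_hosts to that user afterwards, as the second comment in the thread points out.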


Question has a verified solution.