.ssh directory on AIX 5.3

I have a user that does not have the .ssh under his profile. Is there a way to create it by default and have known_hosts in the .ssh directory? I do not want to just execute mkdir .ssh and then touch known_hosts. Is there a better way to create .ssh? I have a few other users; the .ssh was created automatically. Thanks.

Nice to meet you!

It's absolutely no problem to create the .ssh subdirectory using mkdir.

Just take care to set its permissions as 700.

The known_hosts file will be created automatically the first time a host key has to be added. If you prefer creating it manually, set permissions as 644.

If you don't want to acknowledge the adding of a host key each time a new host is accessed, you can copy the known_hosts file of another user, if your security policy would allow that.



... if you really, really don't want to use mkdir - ssh-keygen will create the .ssh subdirectory! You must be logged in as the concerned user, or (what I forgot to mention above) - the owner of the newly created .ssh subdirectory must be set to the user in whose home directory it is going to reside, of course.

AIX25Author Commented:
ssh-keygen will create .ssh only?

AIX25Author Commented:
I created .ssh. Signed out and then signed back in and there is no known_hosts file created? What should I do to resolve this?
Just access a remote host via ssh. You will be prompted to acknowledge the new host key. After having done that, a new known_hosts file will be there, containing just that one key. By accessing more remote hosts, the file will get filled step-by-step.

All permissions and ownership correct?

AIX25Author Commented:
I created a RSA key to connect to the remote server and I get this error:
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /data/db2/db2inst1/.ssh/known_hosts to get rid of this message.
Offending key in /data/db2/db2inst1/.ssh/known_hosts:1
RSA host key for ***.**.**.** has changed and you have requested strict checking.
Host key verification failed.

Because there is no known_hosts file under .ssh directory, I keep getting this error. I created the rsa.pub key and copied it to another remote server. Why isn't .ssh getting created on its own with known_hosts? .ssh got created automatically for my username.

You didn't tell me that you use strict hostkey checking. This means that a host key cannot be added "on the fly" to your known_hosts file.
If you must stay with strict checking, you'll have to contact the administrator(s) of any remote host you want to access, and ask them to pass you their hostkey, which you then must add manually to your known_hosts file.

Assuming they sent you a file containing the key named 'host1.key' do the following

- login as the concerned user
- 'cd .ssh'
- 'cat /path/to/host1.key >> known_hosts'
- 'chmod 644 known_hosts'

.ssh got created automatically for you when you ran ssh-keygen.
known_hosts only gets created automatically without strict hostkey checking.


Maybe the man page of ssh_config explains it better:

 If this flag is set to ''yes'', ssh will never automatically add host keys to the ~/.ssh/known_hosts file, and refuses to connect to hosts whose host key has changed. This provides maximum protection against trojan horse attacks, however, can be annoying when the /etc/ssh/ssh_known_hosts file is poorly maintained, or connections to new hosts are frequently made. This option forces the user to manually add all new hosts. If this flag is set to ''no'', ssh will automatically add new host keys to the user known hosts files. If this flag is set to ''ask'', new host keys will be added to the user known host files only after the user has confirmed that is what they really want to do, and ssh will refuse to connect to hosts whose host key has changed. The host keys of known hosts will be verified automatically in all cases. The argument must be ''yes'', ''no'' or ''ask''. The default is ''ask''.

AIX25Author Commented:
I have root access to the remote server.  The concerned user did not have a .ssh directory.  I manually created a .ssh directory and created a known_hosts file.  Where do I get the hostkey from the remote server?
The host key consists of a public/private key pair, just as the users' keys do. The default location for the private keys is /etc/ssh.
Their names are ssh_host_key for protocol version 1, and ssh_host_rsa_key and ssh_host_dsa_key for protocol version 2. The public keys have the same names with a suffix '.pub' and are usually left in the same location, but that's not mandatory.
You need one (or all) of the .pub keys, according to protocol version and encryption method.
Transfer the key(s) to your local machine and add them to authorized_keys, as I wrote above.
When using ftp, keep in mind to use 'binary' transfer.
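
The manual known_hosts step from the answers above, as an added example that is not part of the original thread: a host .pub file holds only "keytype base64 comment", while a known_hosts entry needs the hostname in front, so the sketch builds that line, sets the 700/644 permissions and skips duplicates. The function name add_host_key and its arguments are hypothetical, and only protocol 2 key files are handled.

```shell
#!/bin/sh
# Added example: install one host public key into a user's known_hosts.
# Run as the target user, or chown the .ssh directory to that user afterwards.

# add_host_key HOME_DIR HOSTNAME PUBKEY_FILE   (hypothetical helper)
# PUBKEY_FILE is a copy of the server's ssh_host_rsa_key.pub or ssh_host_dsa_key.pub.
add_host_key() {
    home_dir=$1; host=$2; pub=$3
    ssh_dir=$home_dir/.ssh
    kh=$ssh_dir/known_hosts

    # A protocol 2 .pub file is "keytype base64 [comment]"; reject anything else
    # (for example a private key copied by mistake).
    line=$(awk 'NF >= 2 && $1 ~ /^(ssh-|ecdsa-)/ { print $1, $2; exit }' "$pub")
    [ -n "$line" ] || { echo "not a public key file: $pub" >&2; return 1; }

    # Print the fingerprint so it can be compared with the value the
    # server's administrator reports before the key is trusted.
    if command -v ssh-keygen >/dev/null 2>&1; then
        ssh-keygen -l -f "$pub" >&2 2>/dev/null || true
    fi

    # Permissions as given in the thread: 700 on .ssh, 644 on known_hosts.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || return 1
    touch "$kh" && chmod 644 "$kh" || return 1

    # known_hosts entries are "hostname keytype base64"; skip exact duplicates.
    entry="$host $line"
    grep -qxF -e "$entry" "$kh" || echo "$entry" >> "$kh"
}
```

With StrictHostKeyChecking set to yes, ssh will then accept the server only while it presents the key recorded in that entry.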
