.ssh directory on AIX 5.3

Posted on 2009-07-14
Last Modified: 2013-11-17
I have a user that does not have the .ssh under his profile.  Is there a way to create by default and have known_hosts in the .ssh directory?  I do not want to just execute mkdir .ssh and then touch known_hosts.  Is there a better way to create .ssh? I have a few other users; the .ssh was created automatically. Thanks.
Question by:AIX25
LVL 68

Expert Comment

ID: 24853470

nice to meet you!

It's absolutely no problem to create the .ssh subdirectory using mkdir.

Just take care to set its permissions as 700.

The known_hosts file will be created automatically the first time a host key has to be added. If you prefer creating it manually, set permissions as 644.

If you don't want to acknowledge the adding of a host key each time a new host is accessed, you can copy the known_hosts file of another user, if your security policy would allow that.



LVL 68

Expert Comment

ID: 24853507
... if you really, really don't want to use mkdir - ssh-keygen will create the .ssh subdirectory! You must be logged in as the concerned user, or (what I forgot to mention above) - the owner of the newly created .ssh subdirectory must be set to the user in whose home directory it is going to reside, of course.


Author Comment

ID: 24853654
ssh-keygen will create .ssh only?

Author Comment

ID: 24853708
I created .ssh.  Signed out and then signed back in and there is no known_hosts file created? What should I do to resolve this?
LVL 68

Expert Comment

ID: 24853809
Just access a remote host via ssh. You will be prompted to acknowledge the new host key. After having done that, a new known_hosts file will be there, containing just that one key. By accessing more remote hosts, the file will get filled step-by-step.

All permissions and ownership correct?


Author Comment

ID: 24853846
I created a RSA key to connect to the remote server and I get this error:
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
Please contact your system administrator.
Add correct host key in /data/db2/db2inst1/.ssh/known_hosts to get rid of this message.
Offending key in /data/db2/db2inst1/.ssh/known_hosts:1
RSA host key for ***.**.**.** has changed and you have requested strict checking.
Host key verification failed.

Because there is no known_hosts file under .ssh directory, I keep getting this error.  I created the key and copied it to another remote server.  Why isn't .ssh getting created on its own with known_hosts? .ssh got created automatically for my username.
LVL 68

Accepted Solution

woolmilkporc earned 500 total points
ID: 24853936

You didn't tell me that you use strict hostkey checking. This means that a host key cannot be added "on the fly" to your known_hosts file.
If you must stay with strict checking, you'll have to contact the administrator(s) of any remote host you want to access, and ask them to pass you their hostkey, which you then must add manually to your known_hosts file.

Assuming they sent you a file containing the key named 'host1.key' do the following

- login as the concerned user
- 'cd .ssh'
- 'cat /path/to/host1.key >> known_hosts'
- 'chmod 644 known_hosts'

.ssh got created automatically for you when you ran ssh-keygen.
known_hosts only gets created automatically without strict hostkey checking.

LVL 68

Expert Comment

ID: 24853987
Maybe the man page of ssh_config explains it better:

 If this flag is set to ''yes'', ssh will never automatically add host keys to the ~/.ssh/known_hosts file, and refuses to connect to hosts whose host key has changed. This provides maximum protection against trojan horse attacks, however, can be annoying when the /etc/ssh/ssh_known_hosts file is poorly maintained, or connections to new hosts are frequently made. This option forces the user to manually add all new hosts. If this flag is set to ''no'', ssh will automatically add new host keys to the user known hosts files. If this flag is set to ''ask'', new host keys will be added to the user known host files only after the user has confirmed that is what they really want to do, and ssh will refuse to connect to hosts whose host key has changed. The host keys of known hosts will be verified automatically in all cases. The argument must be ''yes'', ''no'' or ''ask''. The default is ''ask''.


Author Comment

ID: 24854293
I have root access to the remote server.  The concerned user did not have a .ssh directory.  I manually created a .ssh directory and created a known_hosts file.  Where do I get the hostkey from the remote server?
LVL 68

Assisted Solution

woolmilkporc earned 500 total points
ID: 24854397
The host key consists of a public/private key pair, just as the users' keys do. The default location for the private keys is /etc/ssh.
Their names are ssh_host_key for protocol version 1, and ssh_host_rsa_key and ssh_host_dsa_key for protocol version 2. The public keys have the same names with a suffix '.pub' and are usually left in the same location, but that's not mandatory.
You need one (or all) of the .pub keys, according to protocol version and encryption method.
Transfer the key(s) to your local machine and add them to authorized_keys, as I wrote above.
When using ftp, keep in mind to use 'binary' transfer.
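
Added example, not part of the original thread: a shell function that installs a host public key received from the remote administrator into the user's known_hosts, with the 700/644 permissions given in the comments above. It goes beyond the thread's `cat >> known_hosts` step by prepending the host name(s), which a known_hosts line needs but a raw `.pub` file lacks. The function name `add_known_host`, the sample host names and the key string are constructed for illustration.

```shell
#!/bin/sh
# add_known_host HOSTS PUBKEY_FILE [HOME_DIR]   (hypothetical helper)
#   HOSTS       comma-separated names/IPs exactly as the user passes them to ssh
#   PUBKEY_FILE protocol 2 host public key, e.g. a copy of ssh_host_rsa_key.pub
#   HOME_DIR    home directory of the concerned user (default: $HOME)
# Run it as the concerned user so .ssh and known_hosts end up owned by them.
add_known_host() {
    hosts=$1; pub=$2; home=${3:-$HOME}
    dir=$home/.ssh; kh=$dir/known_hosts

    # A .pub file holds "keytype base64 [comment]"; a known_hosts line is
    # "hosts keytype base64". Take the first two fields and prepend the hosts.
    # Protocol 1 keys (ssh_host_key.pub) use another layout and are rejected.
    entry=$(awk -v h="$hosts" \
        'NF >= 2 && $1 ~ /^(ssh-|ecdsa-)/ { print h, $1, $2; exit }' "$pub")
    [ -n "$entry" ] || { echo "no usable host key in $pub" >&2; return 1; }

    # .ssh must be accessible to the owner only; known_hosts holds public
    # data and may be world-readable, but only the owner may write to it.
    [ -d "$dir" ] || mkdir "$dir" || return 1
    chmod 700 "$dir"
    [ -f "$kh" ] || : > "$kh"
    chmod 644 "$kh"

    # Append only when this exact line is not already present.
    grep -F -x -q "$entry" "$kh" || printf '%s\n' "$entry" >> "$kh"
}

# Constructed sample input: a throwaway home directory and a made-up key
# string standing in for the file the remote administrator sent.
demo_home=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAA_CONSTRUCTED_SAMPLE_NOT_A_REAL_KEY root@host1' \
    > "$demo_home/host1.key"
add_known_host host1.example.com,192.0.2.10 "$demo_home/host1.key" "$demo_home"
cat "$demo_home/.ssh/known_hosts"
```

Before adding a key, `ssh-keygen -l -f host1.key` prints its fingerprint, which can be compared with the one the remote administrator reports.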



Question has a verified solution.
