
ssh - rsa

Posted on 2014-01-31
Last Modified: 2014-02-14
I was told to scp the following files from master server to all other 4 servers and remove the known_hosts file from ~/.ssh directory.

ssh_host_rsa_key.pub
ssh_host_rsa_key


Is it OK to remove the known_hosts file?

I accidentally removed the known_hosts file from all 4 servers as well. What is the impact?
0
Question by:ittechlab

Expert Comment

by:woolmilkporc
ID: 39825362
The known_hosts file is important on the source machine (the one you come from) to make sure that the intended target host is reached and not a fake one.
It is not important on the target machine (the one you connect to).
0
 

Author Comment

by:ittechlab
ID: 39825441
I created a new user on a system and I don't see a .ssh directory under the user's home directory. Do we have to create it manually?
0
 

Author Comment

by:ittechlab
ID: 39825454
Here is what I did:

[user1@system4~]$ ssh-keygen -t rsa
[user1@system4 ~]$ cd .ssh
[user1@system4 .ssh]$ ls
id_rsa  id_rsa.pub

[user1@system4 .ssh]$ ssh-copy-id -i id_rsa.pub system4

.ssh/authorized_keys

to make sure we haven't added extra keys that you weren't expecting.

[user1@system4 .ssh]$ scp -p id_rsa* system1:`pwd`

scp: /home/user1/.ssh: No such file or directory
0
 

Author Comment

by:ittechlab
ID: 39825457
Basically I created RSA keys and did ssh-copy-id to create authorized_keys on the same server.

I have three other systems and I have the same user on the three systems. I am trying to copy the rsa.pub, private key and authorized_keys to the other systems so this user does not need to log in with the password in the future.
0
 

Expert Comment

by:woolmilkporc
ID: 39825465
Depends. If you have enabled automatic or prompted acceptance of foreign host keys in ssh_config then the known_hosts file and the .ssh directory it is in will be created by the ssh client.
During key pair creation the directory will be created as well.
Only if you want to create files there on your own (authorized_keys or environment, for example) then you must of course create the .ssh directory first.
0
 

Author Comment

by:ittechlab
ID: 39825473
It's a fresh install of RHEL 5.8 and no changes happened. When I ssh from system4 to system1 as user1, wouldn't it create the .ssh directory?
0
 

Expert Comment

by:woolmilkporc
ID: 39825481
You're too fast!

Let's proceed step by step, and please don't panic! Don't post additional comments before I have had my chance to answer!

OK?
0
 

Expert Comment

by:woolmilkporc
ID: 39825492
1) Just ssh'ing somewhere does not create remote directories, thus it doesn't create .ssh, of course.

2) ssh-copy-id does create the remote .ssh directory, however (and the authorized_keys file therein).

3) Following your comment 39825454 you ran ssh-copy-id against system4 where .ssh already existed due to ssh-keygen, but then you tried to copy the rsa keys to system1! Who is supposed to have created .ssh on system1?
0
 

Assisted Solution

by:woolmilkporc
ID: 39825496
4) You can create the authorized_keys file (and the .ssh directory) on the other systems with ssh-copy-id. Once that is done, you can then scp the keys there.

[user1@system4 .ssh]$ ssh-copy-id -i id_rsa.pub system1
[user1@system4 .ssh]$ scp -p id_rsa* system1:`pwd`

[user1@system4 .ssh]$ ssh-copy-id -i id_rsa.pub system2
[user1@system4 .ssh]$ scp -p id_rsa* system2:`pwd`

[user1@system4 .ssh]$ ssh-copy-id -i id_rsa.pub system3
[user1@system4 .ssh]$ scp -p id_rsa* system3:`pwd`
0
 

Author Comment

by:ittechlab
ID: 39830386
Thanks.

However, when you try to connect to a server (hostname) for the first time, SSH will ask you whether you accept the new RSA key fingerprint, and you have to enter "yes".
To avoid entering "yes" for background applications, what steps should I be doing? Please give me the detailed steps.
0
 

Accepted Solution

by:woolmilkporc
ID: 39830450
That's a security measure initiated by the client, to keep under control what's added to the known_hosts file.

You can avoid being asked for acceptance of new host keys

- either by a command-line option of ssh:

ssh -o StrictHostKeyChecking=no user@host

- or by adding the same option to an ssh config file, either on a per-user basis to "~/.ssh/config" or system wide to "/etc/ssh/ssh_config":

StrictHostKeyChecking no

This way ssh will automatically add new host keys to the user's "known_hosts" file.

The default for this option is "ask".

Please note that the system wide config file in question is the client config file, so it's indeed ssh_config and not sshd_config!
0
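Added example, not part of the original thread: background jobs can also run without the prompt if known_hosts is filled in advance with host keys whose fingerprints were checked out of band, which keeps the protection described in the first comment. The sketch below filters known_hosts-format lines (as produced by ssh-keyscan) against a table of trusted fingerprints; it assumes SHA256 fingerprints as current OpenSSH prints them, and the function names, sample keys and trusted table are constructed for illustration.

```python
import base64
import hashlib

def fingerprint(key_b64):
    """SHA256 fingerprint of a public key blob, formatted like `ssh-keygen -l`."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def pin_hosts(scan_output, trusted):
    """Return (accepted known_hosts lines, rejected (host, reason) pairs).

    trusted maps host name -> fingerprint obtained out of band, for example
    read on the server console with `ssh-keygen -lf` on its host public key.
    """
    accepted, rejected = [], []
    for line in scan_output.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue  # blank lines and comments carry no key
        if len(parts) < 3:
            rejected.append((parts[0], "malformed line"))
            continue
        host, keytype, blob = parts[:3]
        try:
            seen = fingerprint(blob)
        except ValueError:  # binascii.Error is a ValueError subclass
            rejected.append((host, "undecodable key"))
            continue
        if trusted.get(host) == seen:
            accepted.append(f"{host} {keytype} {blob}")
        else:
            rejected.append((host, f"no trusted match: {seen}"))
    return accepted, rejected

def _sample_key(fill):
    """Constructed ed25519-shaped blob for the demo; not a real host key."""
    header = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20"
    return base64.b64encode(header + fill * 32).decode()

# Constructed sample data: system2 serves a key other than the trusted one.
KEY_A, KEY_B, KEY_C = (_sample_key(c) for c in (b"A", b"B", b"C"))
SAMPLE_SCAN = f"system1 ssh-ed25519 {KEY_A}\nsystem2 ssh-ed25519 {KEY_B}\n"
TRUSTED = {"system1": fingerprint(KEY_A), "system2": fingerprint(KEY_C)}

if __name__ == "__main__":
    ok, bad = pin_hosts(SAMPLE_SCAN, TRUSTED)
    print("\n".join(ok))        # append these lines to ~/.ssh/known_hosts
    for host, reason in bad:
        print(f"REJECTED {host}: {reason}")
```

Only the accepted lines belong in known_hosts; a rejected host needs its key checked on the server itself before it is added.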
