Populating the SSH known_hosts File
The known_hosts file is in the installation directory at ~/.ssh/known_hosts (On Solaris/Linux, that is the Redcell running user's home directory (for example /root or /export/home/username. On Windows it is the same as $OWARE_USER_ROOT). If you enable strict host key checking you must make sure that this file has all the host keys for all devices you plan to manage that support SSHv2.
One way to populate the known_hosts file is to connect to each device on the command line in a way that it will add a host entry to the known_hosts file. Below is an example session on Windows.
~:ssh -o StrictHostKeyChecking=ask -l admin 192.168.1.118
The authenticity of host '192.168.1.118 (192.168.1.118)' can't be established.
RSA key fingerprint is 90:b7:2a:e0:64:30:6a:74:9c:e8:7b:75:61:48:52:7b.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.118' (RSA) to the list of known hosts.
Last login: Thu Sep 10 14:23:08 2009 from 10.35.35.2
--- JUNOS 9.5R1.8 built 2009-04-13 19:25:06 UTC
After this you should see an entry in ~/.ssh/known_hosts that looks similar to the following
192.168.1.118 ssh-rsa AAAAB3NzaC1yc2EAAAAB
The problem with this approach is that you must restart the mediation server after the known_hosts file has been populated for the changes to take effect.
To populate the known_hosts file without having to restart the mediation server, follow these steps:
1. Add an entry in the ssh_config file setting StrictHostKeyChecking to no for the devices you want to add to the known_hosts file.
2. Connect to each of the devices in Redcell using SSHv2 credentials. This adds an entry to the known_hosts file.
3. Remove the entry added to the ssh_config file or change the setting StrictHostKeyChecking to yes.