Populating the SSH known_hosts File

The known_hosts file is in the installation directory at ~/.ssh/known_hosts (on Solaris/Linux, ~ is the home directory of the user running Redcell, for example /root or /export/home/username; on Windows it is the same as $OWARE_USER_ROOT). If you enable strict host key checking, you must make sure that this file contains the host keys for all devices you plan to manage that support SSHv2.

One way to populate the known_hosts file is to connect to each device from the command line so that the SSH client adds a host entry to the known_hosts file. Below is an example session on Windows.

 

C:\dorado>oware

~:ssh -o StrictHostKeyChecking=ask -l admin 192.168.1.118

The authenticity of host '192.168.1.118 (192.168.1.118)' can't be established.

RSA key fingerprint is 90:b7:2a:e0:64:30:6a:74:9c:e8:7b:75:61:48:52:7b.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added '192.168.1.118' (RSA) to the list of known hosts.

admin@192.168.1.118's password:

Last login: Thu Sep 10 14:23:08 2009 from 10.35.35.2

--- JUNOS 9.5R1.8 built 2009-04-13 19:25:06 UTC

admin@M5-118>

 

After this you should see an entry in ~/.ssh/known_hosts that looks similar to the following (the entry is a single line):

192.168.1.118 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAlpZUs99PM1fI2DWtpV/pc2YVK8CvRVQgDOnvBcS7HFc5IECr+bF1o6PfEijQ8TILILbJRFtDbJeZOK0+0cJs8lRNNT3Rj9b79AMCVH0syGiPm7+dOkqiVVa8FtSkz8VxgpiLMI959xVr1WKLXsvAtj6bDbCdN0golL9/h8H8+uk=

 

The problem with this approach is that you must restart the mediation server after the known_hosts file has been populated for the changes to take effect.

To populate the known_hosts file without having to restart the mediation server, follow these steps:

1. Add an entry in the ssh_config file setting StrictHostKeyChecking to no for the devices you want to add to the known_hosts file.

2. Connect to each of the devices in Redcell using SSHv2 credentials. This adds an entry to the known_hosts file.

3. Remove the entry added to the ssh_config file or change the setting StrictHostKeyChecking to yes.
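
With StrictHostKeyChecking set to no, host keys are added without the fingerprint prompt shown in the session above, so the resulting entries should be compared against fingerprints obtained from each device out of band. The following Python script is an added example, not part of Redcell or its documentation: it parses known_hosts content, flags malformed entries, and reports each key's fingerprint in the colon-separated MD5 form shown in the session above and in the SHA256 form newer OpenSSH clients print. The function names, sample addresses and key blobs are constructed for illustration.

```python
import base64, binascii, hashlib, struct

def make_blob(key_type, body=b"\x00\x00\x00\x01\x23"):
    """Build a constructed (non-functional) SSH key blob for the sample below."""
    t = key_type.encode()
    return base64.b64encode(struct.pack(">I", len(t)) + t + body).decode()

# Constructed sample content; addresses and keys are placeholders, not real devices.
SAMPLE = "\n".join([
    "# constructed known_hosts content",
    "192.0.2.10 ssh-rsa " + make_blob("ssh-rsa"),
    "192.0.2.11,router-b ssh-rsa " + make_blob("ssh-dss"),  # type mismatch
    "192.0.2.12 ssh-rsa AAAAB3Nza",                          # key cut off mid-line
])

def audit_known_hosts(text):
    """Return (entries, problems); each entry carries the key's fingerprints."""
    entries, problems = [], []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):          # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:
            problems.append((n, "expected: hosts keytype base64-key"))
            continue
        hosts, key_type, b64 = fields[:3]
        try:
            blob = base64.b64decode(b64, validate=True)
            (tlen,) = struct.unpack(">I", blob[:4])   # length of embedded type name
            embedded = blob[4:4 + tlen].decode("ascii")
        except (binascii.Error, struct.error, UnicodeDecodeError):
            problems.append((n, "key is not a valid base64 SSH key blob"))
            continue
        if embedded != key_type:
            problems.append((n, "declared %s but blob contains %s" % (key_type, embedded)))
            continue
        md5 = hashlib.md5(blob).hexdigest()
        sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
        entries.append({"hosts": hosts.split(","), "type": key_type,
                        "md5": ":".join(md5[i:i + 2] for i in range(0, 32, 2)),
                        "sha256": "SHA256:" + sha})
    return entries, problems

if __name__ == "__main__":
    entries, problems = audit_known_hosts(SAMPLE)
    for e in entries:
        print(",".join(e["hosts"]), e["type"], e["md5"], e["sha256"])
    for n, why in problems:
        print("line %d: %s" % (n, why))
```

To check a real file, pass its contents to audit_known_hosts() instead of SAMPLE and compare each reported fingerprint with the one read from the device's console.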