Known Host Keys
Prevent man-in-the-middle attacks.
SSH clients store the host keys of hosts they have connected to. These stored host keys are called known host keys, and the collection is often called known hosts. In OpenSSH, the collection of known host keys is stored in .ssh/known_hosts in each user's home directory.
Each host (i.e., computer) should have a unique host key. Sharing host keys is strongly discouraged and can result in vulnerability to man-in-the-middle attacks. However, in computing clusters, sharing host keys may sometimes be acceptable and practical.
What is the known hosts file for? What's in it?
ssh records the public key of every host you have connected to in the known hosts file. The next time it connects to the same host, OpenSSH checks the public key the host presents against the recorded one. If the public key is different, OpenSSH warns you, which helps you avoid attacks such as DNS hijacking.
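The check described above, written out as an added example (not OpenSSH's code and not from the original page): it parses known_hosts lines and compares a presented key with the stored one. It goes slightly beyond the text by also handling the hashed host-name form that OpenSSH writes when HashKnownHosts is enabled. Host names, salt and key bytes are constructed; wildcard patterns and @cert-authority/@revoked markers are not handled.

```python
import base64, hashlib, hmac, struct

def make_blob(key_type: str, raw: bytes) -> str:
    """Build a constructed (not real) public key blob in SSH wire format."""
    t = key_type.encode()
    wire = struct.pack(">I", len(t)) + t + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(wire).decode()

def fingerprint(blob_b64: str) -> str:
    """SHA256 fingerprint in ssh-keygen's style: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field: str, host: str) -> bool:
    """Match the host field: plain comma-separated names or hashed |1|salt|hmac."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        calc = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(calc, base64.b64decode(mac))
    return host in field.split(",")  # exact names only; no wildcard support here

def check_host_key(known_hosts: str, host: str, key_type: str, blob_b64: str) -> str:
    """Return 'match', 'changed' (host known, key differs) or 'unknown'."""
    result = "unknown"
    for line in known_hosts.splitlines():
        parts = line.split()
        # Skip blanks, comments and marker lines (@cert-authority, @revoked).
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue
        hosts, ktype, blob = parts[:3]
        if ktype != key_type or not host_matches(hosts, host):
            continue
        if blob == blob_b64:
            return "match"
        result = "changed"  # this is the case where the client should warn
    return result

# Constructed sample data: filler bytes, not real keys or hosts.
GOOD = make_blob("ssh-ed25519", b"\x11" * 32)
ROGUE = make_blob("ssh-ed25519", b"\x22" * 32)
SALT = b"constructed-salt-20b"
MAC = hmac.new(SALT, b"db.example.com", hashlib.sha1).digest()
HASHED = "|1|%s|%s" % (base64.b64encode(SALT).decode(), base64.b64encode(MAC).decode())
KNOWN_HOSTS = (f"# constructed known_hosts\n"
               f"web.example.com,192.0.2.10 ssh-ed25519 {GOOD}\n"
               f"{HASHED} ssh-ed25519 {GOOD}\n")

if __name__ == "__main__":
    for h, k in [("web.example.com", GOOD), ("db.example.com", ROGUE), ("new.example.com", GOOD)]:
        print(h, fingerprint(k), check_host_key(KNOWN_HOSTS, h, "ssh-ed25519", k))
```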
Provide the SSH client with password-free login.
Authorized keys are configured separately for each user, usually in the .ssh/authorized_keys file in the user's home directory. However, the location of the keys can be configured in SSH server configuration files, and is often changed to a root-owned location in more secure environments.
Technically, an authorized key looks like this:
Public/private key generation
ssh-keygen is a tool for creating new authentication key pairs for SSH. Such key pairs are used for automating logins, single sign-on, and for authenticating hosts.
The simplest way to generate a key pair is to run ssh-keygen without arguments. In this case, it will prompt for the file in which to store keys. Here's an example:
    klar (11:39) ~>ssh-keygen
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/ylo/.ssh/id_rsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /home/ylo/.ssh/id_rsa.
    Your public key has been saved in /home/ylo/.ssh/id_rsa.pub.
    The key fingerprint is:
    SHA256:Up6KjbnEV4Hgfo75YM393QdQsK3Z0aTNBz0DoirrW+c ylo@klar
    The key's randomart image is:
    +---[RSA 2048]----+
    | . ..oo..|
    | . . . . .o.X.|
    | . . o. ..+ B|
    | . o.o .+ ..|
    | ..o.S o.. |
    | . %o= . |
    | @.B... . |
    | o.=. o. . . .|
    | .oo E. . .. |
    +----[SHA256]-----+
    klar (11:40) ~>
Copy the local public key to the authorized keys file on the remote host to provide password-free login.
ssh-copy-id installs an SSH key on a server as an authorized key. Its purpose is to provision access without requiring a password for each login. This facilitates automated, passwordless logins and single sign-on using the SSH protocol.