I've got a secure transmission system where I'm pushing host keys to a database. I'm trying to install keys generated on an Ubuntu 15 machine on a SLES 11 machine, and I'm trying to install keys generated on a CentOS 7 machine on that Ubuntu 15 machine.
So, is there a common mechanism for each of these machines to install host keys? This is getting really confusing and I'm thinking I'm being a bit over-scrupulous. Everything is supposed to be automated and I've figured out a decent method for collecting the keys; I just don't know the right place to put them on the machine.
Here's a key on the CentOS machine:
[root@centos ~]# cat /etc/ssh/ssh_host_ecdsa_key.pub
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIl8BT33T4sEAgG56CItPWep/N3IKaUaw8Xy6Fn6k9SLsARi9zZk9FAd6H6DfbIxzkz1sjSjfq1JSVyd3slKf4M=
and here's what it looks like when I import it (via ssh, manually accepting it) into my known_hosts on my Ubuntu machine:
root@ubuntu:/home# cat aaron/.ssh/known_hosts
|1|F+Hr+T8eulEpFFFhwdJKdcOg6yQ=|yM/XLEkDPFUWO/g9vPOONBkRvtE= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIl8BT33T4sEAgG56CItPWep/N3IKaUaw8Xy6Fn6k9SLsARi9zZk9FAd6H6DfbIxzkz1sjSjfq1JSVyd3slKf4M=
So, it looks like the first part in the known_hosts file is something encrypted, and on the SLES machines that part is not encrypted, so it's a bit simpler.
So my questions are:
- How do I come up with that encrypted part so I can echo it into the known_hosts file?
- How do I know if a given Linux system is expecting the first hunk to be encrypted?
Best Answer
Manual page for sshd describes format of the file:
Except the part bits, exponent, modulus is now used together as public key. The hostname is hashed, but you can write it as a string and then run ssh-keygen over the file, for example:
ssh-keygen -H -f ~/.ssh/known_hosts
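For an automated pipeline that cannot shell out to ssh-keygen, the hashed host field can also be built directly: OpenSSH writes it as `|1|<base64 salt>|<base64 HMAC-SHA1(salt, hostname)>` with a random 20-byte salt. The sketch below is an added example, not part of the original answer; the hostname `centos.example.com`, the function names and the sample key blob are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os


def hash_host(hostname, salt=None):
    """Build the '|1|<salt>|<hash>' host field used for hashed entries."""
    salt = os.urandom(20) if salt is None else salt  # 20 bytes = SHA-1 length
    digest = hmac.new(salt, hostname.encode("utf-8"), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())


def host_matches(host_field, hostname):
    """True if a known_hosts host field (hashed or plain) names hostname.

    Plain fields are treated as comma-separated exact names; wildcard
    patterns are not handled in this sketch.
    """
    if host_field.startswith("|1|"):
        try:
            _, _, salt_b64, hash_b64 = host_field.split("|")
            salt = base64.b64decode(salt_b64, validate=True)
            want = base64.b64decode(hash_b64, validate=True)
        except ValueError:  # wrong field count or damaged base64
            return False
        got = hmac.new(salt, hostname.encode("utf-8"), hashlib.sha1).digest()
        return hmac.compare_digest(got, want)
    return hostname in host_field.split(",")


def known_hosts_line(hostname, pubkey_text, hashed=True):
    """Turn the contents of an ssh_host_*_key.pub file into a known_hosts line."""
    keytype, blob = pubkey_text.split()[:2]   # drop the trailing comment
    base64.b64decode(blob, validate=True)     # reject a damaged key blob
    host = hash_host(hostname) if hashed else hostname
    return "%s %s %s" % (host, keytype, blob)


# Constructed sample input: NOT a real host key, only shaped like a .pub file.
SAMPLE_BLOB = base64.b64encode(b"constructed sample, not a real key").decode()
SAMPLE_PUB = "ssh-ed25519 %s root@centos" % SAMPLE_BLOB

if __name__ == "__main__":
    print(known_hosts_line("centos.example.com", SAMPLE_PUB, hashed=False))
    print(known_hosts_line("centos.example.com", SAMPLE_PUB, hashed=True))
```

ssh reads plain and hashed entries from the same known_hosts file, so the SLES and Ubuntu clients accept either form; the `HashKnownHosts` option in ssh_config only controls how ssh writes new entries. A host on a non-default port is written (and hashed) as `[host]:port`.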