SSH Tips: How to Add an SSH Fingerprint to Your Known_Hosts File

If you’re using an SSH connection, whether it’s to your development environment or to your server, you want to make sure that the host key presented by the remote host actually belongs to that host and hasn’t been replaced by an attacker who’s trying to steal your data or access your network. One way to accomplish this is by adding the fingerprint of the host’s SSH key to your known_hosts file. Once the key is recorded there, ssh compares it against the key the host presents on every connection and warns you if someone has replaced the host’s key with their own.

How to Check Host Keys

You can check your current host keys by running the following command: `ssh-keygen -l -f ~/.ssh/known_hosts`. This will list all of the fingerprints in your known_hosts file. If you see a host key that you don’t recognize, you can remove it by running `ssh-keygen -R 192.168.1.105`, which removes the host key for that address from your known_hosts file. After this is done, you should run `ssh-keygen -A`, and then finally run `ssh-keygen -l -f ~/.ssh/known_hosts` again to confirm that it’s gone.

How to Automatically Add SSH Host Keys to Your Known_Hosts File

To automate the process of adding new hosts to your known_hosts file, edit your `/etc/ssh/sshd_config` file (using sudo with an appropriate editor) and find the line containing `AuthorizedKeysFile`. Change this line to `AuthorizedKeysFile .ssh/authorized_keys` and save the changes. Now when you try connecting to a new host for the first time, it will be added automatically with no need for manual intervention on your part.

Editing the Files Manually

If you’re using Linux, you can edit the `~/.ssh/known_hosts` file manually to add an SSH fingerprint. Just open the file in a text editor and add the following line, substituting in the appropriate fingerprint of the host that you are connecting to:

The original blog post concluded with “Just open the file in a text editor and add the following line, substituting in the appropriate fingerprint of the host that you are connecting to.” However, if you need to access this information on your mobile device or any other platform that doesn’t support editing files, you’ll need another option. You can use ssh-keygen (Linux) or PuTTYgen (Windows) to import an SSH key into your known_hosts file. To do so, click Add Key, then navigate to the public key (*.pub) for the server from which you will be accessing the remote system and hit Open. Then input any username/password combo necessary and hit Save.

Creating a Script

If you manage multiple Linux servers, you know that it can be a pain to add each server’s SSH fingerprint to your known_hosts file. But there’s a way to make it easier! By creating a script, you can automate the process so that all you have to do is run the script and add the fingerprints for all of your servers at once. Here’s how to create a script in BASH on Ubuntu or Debian:

  • mkdir ~/.ssh-known-hosts && cd ~/.ssh-known-hosts
  • echo "REMOTE HOST IDENTIFICATION KEY" >> authorized_keys && cat ~/.ssh/id_rsa.pub >> authorized_keys
  • chmod 600 ~/.ssh/id_rsa.pub && chmod 600 authorized_keys
  • rm -rf ~/.ssh-known-hosts
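
For the multi-server case described above, the step that matters is checking each collected host key against a fingerprint you obtained through a trusted channel before it goes into known_hosts. The following Python example is added here and is not from the original post; it assumes input in the `host keytype base64-key` form that `ssh-keyscan` prints, and the host names, pins and key blobs are constructed sample data.

```python
import base64
import hashlib

def fingerprint(key_b64):
    """SHA256 fingerprint of a base64 public key, as `ssh-keygen -l` prints it."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def vet_scan(scan_text, pins):
    """Return (accepted known_hosts lines, rejected (host, reason) pairs).
    pins maps (host, key type) to a fingerprint obtained out of band;
    any key without a matching pin is rejected (fail closed)."""
    accepted, rejected = [], []
    for line in scan_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):  # blank or scanner comment
            continue
        if len(parts) < 3:
            rejected.append((parts[0], "malformed line"))
            continue
        host, ktype, key_b64 = parts[:3]
        try:
            seen = fingerprint(key_b64)
        except ValueError:  # binascii.Error is a ValueError subclass
            rejected.append((host, "key is not valid base64"))
            continue
        pinned = pins.get((host, ktype))
        if pinned is None:
            rejected.append((host, "no pinned fingerprint"))
        elif seen != pinned:
            rejected.append((host, "fingerprint mismatch: " + seen))
        else:
            accepted.append(f"{host} {ktype} {key_b64}")
    return accepted, rejected

def sample_key(seed):
    """Constructed ed25519-shaped key blob for the demo, not a real host key."""
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

GOOD, OTHER = sample_key(1), sample_key(2)  # constructed sample data
PINS = {("web1.example.test", "ssh-ed25519"): fingerprint(GOOD),
        ("web2.example.test", "ssh-ed25519"): fingerprint(GOOD)}
SCAN = "\n".join(["# web1.example.test:22 SSH-2.0-OpenSSH",
                  f"web1.example.test ssh-ed25519 {GOOD}",
                  f"web2.example.test ssh-ed25519 {OTHER}",  # key differs from pin
                  f"db1.example.test ssh-ed25519 {GOOD}"])   # host has no pin
ACCEPTED, REJECTED = vet_scan(SCAN, PINS)
```

Only the lines in `ACCEPTED` would be appended to `~/.ssh/known_hosts`; every entry in `REJECTED` needs a person to look at it before the host is trusted.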

Running the Script Automatically at Startup

Adding your SSH fingerprint to your known_hosts file is a great way to improve the security of your Linux server. Here’s a quick and easy way to do it. First, you’ll need to run the following command on the computer where you want to add the fingerprint.

  • cat ~/.ssh/known_hosts | grep ssh | awk '{ print $2 }' > /tmp/hosfile

The output will be written into a temporary file called hosfile. Next, on your Linux machine with the added SSH fingerprint, open up `.bashrc` in any text editor like gedit or vim.