How to Add a Server to Known_Hosts: A Comprehensive Guide for Devs

Dear Devs, are you tired of constantly typing in your server’s password every time you connect? Do you wish there was an easier way to access your server? Look no further! In this article, we will discuss the process of adding a server to known_hosts and how it can help you save time and improve security.

What is known_hosts?

Known_hosts is a file that stores the fingerprints of the servers that you have connected to using the SSH (Secure Shell) protocol. The SSH protocol uses these fingerprints to ensure that you are connecting to a legitimate server and not a fake one. If the fingerprint of the server that you are trying to connect to does not match the one stored in the known_hosts file, then the connection will be refused.

When you first connect to a server using SSH, the fingerprint of the server is added to your known_hosts file automatically. However, if you are connecting to a new server or a server with a new fingerprint, you will need to manually add it to the known_hosts file.

Why Add a Server to Known_Hosts?

Adding a server to known_hosts provides several benefits:

  1. Security: By adding a server’s fingerprint to the known_hosts file, you are ensuring that you are connecting to a legitimate server and not a fake one. This helps prevent man-in-the-middle attacks and other security threats.
  2. Convenience: Once a server’s fingerprint is added to the known_hosts file, you will no longer need to type in your password every time you connect to it. This can save you time and make the connection process more streamlined.

How to Add a Server to Known_Hosts

Now that you understand the benefits of adding a server to known_hosts, let’s go over the steps involved in the process:

Step 1: Locate the Known_Hosts File

The known_hosts file is located in your home directory under the .ssh subdirectory. If the file does not exist, you can create it using the following commands:

Command: mkdir -p ~/.ssh
Description: Creates the .ssh directory if it does not exist

Command: touch ~/.ssh/known_hosts
Description: Creates the known_hosts file if it does not exist

Step 2: Get the Server’s Fingerprint

To add a server to known_hosts, you will need to know its fingerprint. You can obtain the fingerprint using the following commands, which read the host public keys stored on the server under /etc/ssh/:

Command: ssh-keygen -E md5 -lf /etc/ssh/ssh_host_rsa_key.pub | awk '{print $2}' | sed 's/://g'
Description: Prints the fingerprint of the server’s RSA key

Command: ssh-keygen -E md5 -lf /etc/ssh/ssh_host_dsa_key.pub | awk '{print $2}' | sed 's/://g'
Description: Prints the fingerprint of the server’s DSA key

Command: ssh-keygen -E md5 -lf /etc/ssh/ssh_host_ecdsa_key.pub | awk '{print $2}' | sed 's/://g'
Description: Prints the fingerprint of the server’s ECDSA key

Command: ssh-keygen -E md5 -lf /etc/ssh/ssh_host_ed25519_key.pub | awk '{print $2}' | sed 's/://g'
Description: Prints the fingerprint of the server’s ED25519 key

Note: You will need to replace “/etc/ssh/” with the appropriate path if the server’s SSH keys are located elsewhere.

Step 3: Add the Fingerprint to Known_Hosts

Once you have obtained the server’s fingerprint, you can add it to the known_hosts file using the following command:

Command: ssh-keyscan -H <server> >> ~/.ssh/known_hosts
Description: Scans the server’s host keys and appends them, with the hostname hashed (-H), to the known_hosts file

Note: Replace “<server>” with the IP address or domain name of the server.
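
ssh-keyscan records whatever key the network returns, so the scanned key should be compared with the Step 2 fingerprint before it is appended to known_hosts. The following shell script is an added example, not part of the original article; it assumes base64 and md5sum are installed, and the function names, the scan.tmp file name and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): pin a scanned host key only
# when it matches the fingerprint obtained in Step 2 over a trusted channel.

# Constructed sample in ssh-keyscan -H format: "hashed-host keytype base64-blob".
# The blob is made-up data, not a real host key.
SAMPLE_SCAN_LINE='|1|Y29uc3RydWN0ZWQ=|c2FtcGxlLWhhc2g= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEV4YW1wbGVLZXlCbG9iRm9yVGVzdGluZ09ubHkwMDAx'

# MD5 fingerprint of a base64 key blob as plain hex: the MD5 of the decoded
# blob, i.e. the Step 2 output without its "MD5" prefix.
blob_md5() {
    printf '%s' "$1" | base64 -d 2>/dev/null | md5sum | cut -d' ' -f1
}

# add_verified_host SCAN_FILE EXPECTED_FP KNOWN_HOSTS
# Appends only the scanned lines whose key matches EXPECTED_FP.
# Returns 1 and writes nothing when no scanned key matches,
# 2 when EXPECTED_FP is not a 32-digit MD5 fingerprint.
add_verified_host() {
    # Accept "MD5:aa:bb:..", "MD5aabb.." (Step 2 output) or bare hex.
    want=$(printf '%s' "$2" | sed 's/^MD5//; s/://g' | tr 'A-F' 'a-f')
    [ "${#want}" -eq 32 ] || return 2
    rc=1
    while read -r host keytype blob _rest; do
        case "$host" in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ -n "$blob" ] || continue                   # skip malformed lines
        if [ "$(blob_md5 "$blob")" = "$want" ]; then
            printf '%s %s %s\n' "$host" "$keytype" "$blob" >> "$3"
            rc=0
        fi
    done < "$1"
    return "$rc"
}

# Typical use (scan.tmp is a hypothetical file name):
#   ssh-keyscan -H <server> > scan.tmp
#   add_verified_host scan.tmp "<fingerprint from Step 2>" ~/.ssh/known_hosts
```

A non-zero return means the scanned key did not match the expected fingerprint, and known_hosts is left unchanged.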

Common Issues and FAQs

Q: I am getting a “Host key verification failed” error. What should I do?

A: This error occurs when the server’s fingerprint does not match the one stored in the known_hosts file. To resolve this issue, you can remove the old fingerprint and add the new one using the steps outlined above.

Q: Can I add multiple fingerprints to known_hosts?

A: Yes, you can add multiple fingerprints to the known_hosts file. Simply repeat the steps above for each server you wish to add.

Q: Is it safe to add a server to known_hosts?

A: Yes, adding a server to known_hosts is a safe and secure process. It helps prevent man-in-the-middle attacks and other security threats.

Q: Can I automate the process of adding servers to known_hosts?

A: Yes, you can automate the process of adding servers to known_hosts using tools such as Ansible, Puppet, or Chef. These tools allow you to manage your infrastructure as code and automate repetitive tasks.

Q: Can I delete a server’s fingerprint from known_hosts?

A: Yes, you can delete a server’s fingerprint from the known_hosts file using the following command:

Command: ssh-keygen -R <server>
Description: Removes the server’s fingerprint from the known_hosts file

Note: Replace “<server>” with the IP address or domain name of the server.

Conclusion

Adding a server to known_hosts is a simple and effective way to improve security and streamline the connection process. By following the steps outlined in this article, you can easily add new servers to your known_hosts file and eliminate the need to type in your password every time you connect. Remember to always verify the fingerprint of the server before connecting to ensure that you are connecting to a legitimate server and not a fake one.