Friday, August 29, 2008

Host key changed when using ssh

When you use ssh to connect to a host, the host sends you its host key (stored in /etc/ssh/ssh_host_rsa_key.pub). Your computer looks the host up in "$HOME/.ssh/known_hosts" and compares the key stored there with the one the host sent. If it cannot find the host in "known_hosts", it asks whether you want to add it. If you are sure the key is correct, you can add it.
If it finds a matching name in known_hosts but the stored key does not match the key the host sent, the connection fails. If you are sure the host key has been changed and you want to use the new host key, delete the old host key from "known_hosts" and run "$ ssh username@ip" again; this time you are given the choice to add the new host key to the file.

In "ssh_host_rsa_key.pub" and "known_hosts", the key is written in an unreadable format. To view it or to generate a new key, use the "ssh-keygen" command. For example, "ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub" shows the key in a readable form (its fingerprint). For details, see "man ssh-keygen".
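
The known_hosts check described above and the fingerprint that "ssh-keygen -l" prints, sketched in Python as an added example (not the OpenSSH implementation and not from the original post). It assumes plain, unhashed host names in known_hosts; the function names, the address 192.0.2.10 and the key values are constructed for illustration.

```python
import base64
import hashlib
import struct

def ssh_string(data: bytes) -> bytes:
    """Length-prefixed field of the SSH public key wire format."""
    return struct.pack(">I", len(data)) + data

def make_rsa_blob(e: int, n: int) -> bytes:
    """Constructed sample only: encode (e, n) the way an ssh-rsa key is stored."""
    def mpint(v: int) -> bytes:
        return ssh_string(v.to_bytes(v.bit_length() // 8 + 1, "big"))
    return ssh_string(b"ssh-rsa") + mpint(e) + mpint(n)

def key_type(blob: bytes) -> str:
    """The first field of the decoded blob names the key type."""
    (length,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + length].decode()

def fingerprint(blob: bytes) -> str:
    """SHA256 form printed by current ssh-keygen -l (older releases print MD5 hex)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(known_hosts: str, host: str, offered: bytes) -> str:
    """Return 'match', 'changed' or 'unknown' for the key a server offers."""
    seen_other_key = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue  # comments, markers and hashed host names are skipped here
        names, ktype, b64 = fields[:3]
        if host not in names.split(",") or ktype != key_type(offered):
            continue
        if base64.b64decode(b64) == offered:
            return "match"
        seen_other_key = True
    return "changed" if seen_other_key else "unknown"

# Constructed data: documentation address, made-up moduli, not real keys.
OLD_KEY = make_rsa_blob(65537, (1 << 2047) + 12345)
NEW_KEY = make_rsa_blob(65537, (1 << 2047) + 67891)
KNOWN_HOSTS = "192.0.2.10 ssh-rsa " + base64.b64encode(OLD_KEY).decode() + "\n"

if __name__ == "__main__":
    for label, key in (("stored key", OLD_KEY), ("replaced key", NEW_KEY)):
        print(label, check_host_key(KNOWN_HOSTS, "192.0.2.10", key), fingerprint(key))
    print("new host", check_host_key(KNOWN_HOSTS, "192.0.2.11", NEW_KEY))
```

A "changed" result corresponds to the failed connection described above; comparing the fingerprint with one obtained on the server itself is how you confirm the new key before replacing the stored entry.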

There are three different key files: rsa, rsa1 and dsa. You can choose a different protocol to connect to the host, but normally rsa should be used.
