| | |
| ||
| ||
     |
When the host key is received during the first connection to a
remote host (or when the host key has changed) and you choose to save
the key, its filename is stored in hashed format,
keys_hhh..., where hhh is a hash of the host
port and name. The saved file contains a hash of the host's public key.
A salt is included in the hash calculations. The value of the salt is
stored in the file salt in the same directory as the host
keys ($HOME/.ssh2/hostkeys on Unix,
"%USERPROFILE%\Application Data\SSH\HostKeys"
on Windows). The hashed host key format is a security feature to make address
harvesting on the hosts difficult.
In the plain (traditional) format, the name of a host key file includes
the hosts's name and port, as in key_22_host.example.com.pub,
and the file contains the host's public key in plaintext format.
If you are adding the keys manually, the keys should be named with the
key_<port>_<host>.pub pattern, where
<port> is the port the Secure Shell server
is running on and <host> is the hostname
you use when connecting to the server (for example,
key_22_alpha.example.com.pub).
If both the hashed and plaintext format keys exist, the hashed format takes precedence.
Note that the host identification is different based on the host name and port the client is connecting to. The hostname can occur in 3 different formats: fully qualified domain name (FQDN), short hostname, or IP-address. The host key for each name format has to be saved separately, as they are not mutually exchangeable.
The host key is saved under the hostname format used in the
login. For example, if you want to use all the hostname formats when
connecting to a remote host named alpha,
connect to the host first with the following commands and save the host
key under all three names:
sshg3 user@alpha
produces the key with the short hostname (in plain format key_22_alpha.pub)
sshg3 user@alpha.example.com
produces the key with FQDN (in plain format key_22_alpha.example.com.pub)
sshg3 user@10.1.101.10
produces the key with IP-address (in plain format key_22_10.1.101.10.pub)
Also if you need to connect to the same host but different port,
your client needs a separate host key for that purpose; for example
key_22_alpha.pub and
key_222_alpha.example.com.pub.
After the first connection, the local copy of the server public key will be used in server authentication.
| |
Copyright 
2008 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Contact Information