To add the server key to the client known hosts list

Note: You will need a correctly named copy of the server's public host key. Client copies of known host keys use the following file name format:

key_port_host,IP.pub

Where port is the port used for the ssh connection, host is the host name, and IP is the host IP address. (Earlier versions used key_port_host.pub, and this format is still supported.)

An easy way to obtain a correctly named key is to make an initial connection to the server and allow the client to accept and name the host key. You can then distribute this copy of the host key. This is the technique used in the following procedure.

1. From your server, use ssh-keygen to display the fingerprint of the server's public host key:

   ssh-keygen -F /etc/ssh2/hostkey.pub

2. From a client that has not yet connected to this host, initiate a connection to your server:

   ssh myname@myserver

   You'll see a message saying that the host key is not in the host key database.

3. Confirm that the host key fingerprint in this message matches the actual host key fingerprint, and enter 'yes' to accept the host key.

   You will see a message identifying the name and location of the host key you just accepted. For example:

   Host key saved to /home/joe/.ssh2/hostkeys/key_22_myserver,10.10.1.123.pub

4. Copy this key to the known host list of your client computers:
   • To add this host key for all users of the client computer, copy the host public key file to /etc/ssh2/hostkeys.

     -or-

   • To add this host key for an individual user, copy the host public key file to ~/.ssh2/hostkeys.
5. (Optional) Enable StrictHostKeyChecking so that users cannot accept unknown host keys. You can add the following line to a system-wide configuration file (/etc/ssh2/ssh2_config), or a user-specific configuration file (~/.ssh2/ssh2_config).

   StrictHostKeyChecking=yes