Add a Trusted Host Key for all Domain Users

Public key authentication of the Secure Shell server is a standard feature of the Secure Shell protocol. If the host public key has not previously been installed in the host key database, the first time a user makes a Secure Shell connection, he or she sees the Host Key Unknown dialog box. This dialog box includes a fingerprint that identifies the Secure Shell host. To be sure that this is the correct host, the user should contact the Secure Shell server system administrator who can confirm that this is the correct fingerprint. Without confirmation, the user is at risk of a "man-in-the-middle" attack, in which another server poses as the Secure Shell server.

By installing the host key in the host key database and making this key public, an administrator can ensure that the host is correctly authenticated without requiring users to respond to the Host Key Unknown dialog box.

Note: This procedure adds the key to the database by accepting an unknown key when you connect to the host. If you already have the host key, you can also import it directly to the domain and then make it a public host key. For details, see Import a Trusted Host Key Using the Administrative Console

To add a host key to the database and make it available to all users of a domain

  1. From X Manager, configure an X client that uses Secure Shell as the connection method.
  2. Start the client.
  3. Confirm the key fingerprint is correct and click Always to add the host key to the host key database.
  4. On the Administrative Console Domain Definitions tab, under Trusted Host Keys, select the key.
  5. On the Action menu, choose Make Public.

Related Topics

Import a Trusted Host Key Using the Administrative Console

Add Trusted Host Keys to the Database

Manually Import a Trusted Host Key

Host Authentication for Secure Shell Sessions