|Skip Navigation Links|
|Exit Print View|
|System Administration Guide: Security Services Oracle Solaris 10 8/11 Information Library|
Each host that needs to communicate securely with another host must have the server's public key stored in the local host's /etc/ssh/ssh_known_hosts file. Although a script could be used to update the /etc/ssh/ssh_known_hosts files, such a practice is heavily discouraged because a script opens a major security vulnerability.
Over a secure connection, such as Secure Shell, IPsec, or Kerberized ftp from a known and trusted machine
At system install time
To avoid the possibility of an intruder gaining access by inserting bogus public keys into a known_hosts file, you should use a JumpStart server as the known and trusted source of the ssh_known_hosts file. The ssh_known_hosts file can be distributed during installation. Later, scripts that use the scp command can be used to pull in the latest version. This approach is secure because each host already has the public key from the JumpStart server.