Maintaining Known Hosts on a Site-Wide Basis
Each host that needs to talk to another host securely must have the server's public key stored in the local host's /etc/ssh/ssh_known_hosts file. Although it is most convenient to update the /etc/ssh/ssh_known_hosts files by a script, this practice is heavily discouraged because it opens a major security vulnerability.
The /etc/ssh/ssh_known_hosts file should only be distributed by a secure mechanism as follows:
-
Over a secure connection such as Secure Shell, IPsec, or kerberized ftp from a known and trusted machine
-
At system install time
To avoid the possibility of an intruder gaining access by inserting bogus public keys into a known_hosts file, you should use the jumpstart server as the known and trusted source of the ssh_known_hosts file. The ssh_known_hosts file can be distributed during installation and by regularly running scripts on the individual hosts that pull in the latest version by using scp. This approach is secure because each host already has the public key of the jumpstart server.
- © 2010, Oracle Corporation and/or its affiliates