Failed to add the host to the list of known hosts

Posted November 13th, 2012 in Linux/Unix/BSD and OSX

I recently reinstalled the operating system on my MacBook Pro and discovered, when trying to SSH into a new server for the first time, that I was getting the error "Failed to add the host to the list of known hosts (/Users/chris/.ssh/known_hosts)." This post shows what I needed to do to fix the problem.

Check directory permissions

The ~/.ssh/known_hosts file contains a list of known hosts and their public keys. If a host's public key differs from the one recorded in the file, you are warned when you attempt to connect that it has changed. There may be perfectly benign reasons for the change, but it may also be a security issue.

The ssh client needs to be able to write to files in the .ssh directory, so the first check is to have a look at your .ssh directory and the files in it.

ls -ld ~/.ssh

will output something like this:

drwx------@ 12 chris  staff  408 12 Nov 13:51 /Users/chris/.ssh/

"chris" should be your username and "staff" the group you belong to. The leading d indicates it's a directory, and rwx are the permissions for the user, which in this case show that we can read, write and traverse the directory.

If the permissions aren't correct then run this to fix them:

chmod 0700 ~/.ssh

Check file permissions

Now check the files in the .ssh directory:

ls -l ~/.ssh

will output something like this:

-rw-------@ 1 chris  staff   1675 10 Jun  2011 id_rsa
-rw-r--r--@ 1 chris  staff    392 10 Jun  2011 id_rsa.pub
-rw-------@ 1 chris  staff  39943 12 Nov 13:51 known_hosts

As above, the rw in the user part of each file's permissions shows we can read and write that file. If the permissions are not correct, run this to fix them for all of the files at once:

chmod 0600 ~/.ssh/*

or this to change the permissions of a single file, e.g. known_hosts:

chmod 0600 ~/.ssh/known_hosts

Remove ACL flags

In my case, the permissions were all set correctly, but I couldn't write to any of the files, or to the directory itself, either with the ssh client or even with a text editor. It turned out there was an ACL permission issue, so I needed to clear the ACL flags to be able to write to the files again.

Run this command to recursively remove the ACL flags from under the .ssh directory:

chmod -R -a# 0 ~/.ssh

Note that if some of the files have no ACL entries, you'll see an error like "chmod: No ACL present '.ssh'". That is fine; there's just nothing to remove on that particular file.

After clearing the ACL flags I was able to write to the files again. Always check whether it's just a file permissions issue first, and treat resetting ACLs as a last resort.
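As an added example that is not part of the original post, the following POSIX shell script performs the three checks described above in one pass: directory mode 0700, private keys and known_hosts 0600, public keys 0644, and a flag for ACL entries. It parses the mode column of ls -l rather than calling stat, so the same script runs on both macOS and Linux; the function names and the file name ssh_perms.sh are my own choices, not something the post or ssh itself provides. The fix function applies only the chmod commands from the post; ACLs are reported, not cleared, because the removal command differs per OS.

```shell
#!/bin/sh
# ssh_perms.sh (hypothetical name) - audit and fix ~/.ssh permissions as the post
# describes: directory 0700, private keys and known_hosts 0600, public keys 0644.
# Parses the mode column of `ls -l` so the same script runs on macOS and Linux.

# check_path PATH KIND   (KIND is one of: dir, pub, private)
# Prints a line for each problem found and returns 1 if there was one.
check_path() {
    path=$1 kind=$2
    m=$(ls -ld "$path" | awk '{print $1}')        # e.g. drwx------@ or -rw-------+
    base=$(printf '%s' "$m" | cut -c1-10)         # the permission bits only
    flag=$(printf '%s' "$m" | cut -c11)           # macOS: '@' = xattrs, '+' = ACL
    rc=0
    case "$kind:$base" in
        dir:drwx------)                    ;;     # only the owner may list/use the dir
        pub:-rw-------|pub:-rw-r--r--)     ;;     # a public key may be world-readable
        private:-rw-------)                ;;     # key material / known_hosts: owner only
        *) echo "BAD  $path: mode $base is wrong for a $kind"; rc=1 ;;
    esac
    # A trailing '+' means ACL entries exist (both macOS and Linux ls print it).
    # macOS prints '@' instead when the file also has extended attributes, so an
    # ACL can hide behind '@'; `ls -le` on macOS lists the ACL entries outright.
    if [ "$flag" = "+" ]; then
        echo "ACL  $path: ACL entries present; clear with 'chmod -N' (macOS) or 'setfacl -b' (Linux)"
        rc=1
    fi
    return $rc
}

# ssh_perm_audit [DIR]  - returns 0 if all is well, 1 on any problem, 2 if DIR is missing
ssh_perm_audit() {
    dir=${1:-"$HOME/.ssh"}
    [ -d "$dir" ] || { echo "no such directory: $dir"; return 2; }
    failed=0
    check_path "$dir" dir || failed=1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue                   # also skips the literal '*' of an empty dir
        case "$f" in
            *.pub) check_path "$f" pub     || failed=1 ;;
            *)     check_path "$f" private || failed=1 ;;
        esac
    done
    return $failed
}

# ssh_perm_fix [DIR]  - applies the post's chmod fixes (ACLs are reported, not touched)
ssh_perm_fix() {
    dir=${1:-"$HOME/.ssh"}
    chmod 0700 "$dir"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.pub) chmod 0644 "$f" ;;
            *)     chmod 0600 "$f" ;;
        esac
    done
}

# Run the audit when executed directly; sourcing the file only defines the functions.
case "$0" in */ssh_perms.sh|ssh_perms.sh) ssh_perm_audit "$@" ;; esac
```

Run it as `sh ssh_perms.sh` to audit your own ~/.ssh, or source it and call ssh_perm_fix after reading the report. A public key that has been tightened to 0600 (which the post's chmod 0600 ~/.ssh/* does) is accepted as well as 0644, since a less readable public key breaks nothing.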
