Your OpenSSH installation did not automatically create host keys, or you want to generate new replacement host keys. Additionally, you don't trust the usual automatic transfer of the host's public key, so you want to manually copy host keys to the clients.
Should you create RSA or DSA keys? RSA. Older guidance treated the two as equivalent, but that is no longer true: the SSH DSA key type (ssh-dss) is fixed at 1,024 bits, which is too short by current standards, and OpenSSH has refused DSA host keys by default since version 7.0 and no longer builds DSA support in at all in recent releases.
RSA keys are not capped at 2,048 bits; their size is limited only by the CPU cost of using them, and ssh-keygen now defaults to 3,072-bit RSA rather than the old 1,024. If your OpenSSH is 6.5 or newer, Ed25519 (-t ed25519) is the better choice still: fixed-size keys, fast, and no key-length decision to get wrong.
This example generates a new key pair using one of the host key names that sshd_config lists by default (the DSA name is shown here; on an OpenSSH that no longer accepts -t dsa, use -t ed25519 with ssh_host_ed25519_key, or -t rsa -b 4096 with ssh_host_rsa_key, instead). Never put a passphrase on a host key: sshd starts unattended and has no way to supply one, so just press Return at the prompts, or add -N '' to skip them. Leave the private key owned by root with mode 0600, and restart sshd afterwards so it picks up the new key:
# cd /etc/ssh/
# ssh-keygen -t dsa -f ssh_host_dsa_key
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /etc/ssh/ssh_host_dsa_key.
Your public key has been saved in /etc/ssh/ssh_host_dsa_key.pub.
The key fingerprint is:
26:f6:5b:24:49:e6:71:6f:12:76:1c:2b:a5:ee:fe:fe root@windbag
You may wish to be extra cautious and copy the public key manually via floppy disk, USB key, or scp over an existing OpenSSH connection whose host key you have already verified, to avoid any possible hijacking in transit. The .pub file is written in public-key format, not known_hosts format, so you need to edit it before it goes into the client's known_hosts file. Here is the original public host key:
ssh-dss AAAAB3NzaC1kc3MAAACBALeIrq77k20kUAh8u3RYG1p0iZKAxLQZQzxJ8422d+uPRwvVAARFnriNajoJaB9L7qu5D0PCSNCOuBMOIkkyHujfXJejQQnMucgkDm8AhMfO8TPyLZ6pG459M+bfwbsBybyWav7eGvgkkTfZYDEd7HmQK6+Vkd9SYqWd+Q9HkGCRAAAAFQCrhZsuvIuZq5ERrnf5usmMPXlQkQAAAIAUqi61+T7Aa2UjE40hnO8rSVfFcuHE6BCmm0FMOoJQbD9xFTztZbDtZcna0db5l+6AYxtVInHjiYPj76/hYST5o286/28McWBF8+j8Nn/tHVUcWSjOE8EJG8Xh2GRxab6AOjgo/GAQli1qMxlJfCbOlcljVN8VDDF4XtPzqBPHtQAAAIBn7IOv9oM9dUiDZUNXa8s6UV46N4rqcD+HtgkltxDm+tRiI68kZsU5weTLnLRdZfv/o2P3S9TF3ncrS0YhgIFdGupI//28gH+Y4sYvrUSoRYJLiDELGm1+2pI06wXjPpUH2Iajr9TZ9eKWDIE+t2sz6lVqET95SynXq1UbeTsDjQ== root@windbag
Delete the comment at the end of the line (root@windbag; ssh would ignore it in known_hosts anyway), and prefix the key with the fully qualified domain name and IP address, separated by a comma. Make sure there are no spaces between the FQDN and address, and there is exactly one space after the IP address:
windbag.carla.com,192.168.1.10 ssh-dss AAAAB3NzaC1kc3MAAACBALeIrq77k20kUAh8u3RYG1p0iZKAxLQZQzxJ8422d+uPRwvVAARFnriNajoJaB9L7qu5D0PCSNCOuBMOIkkyHujfXJejQQnMucgkDm8AhMfO8TPyLZ6pG459M+bfwbsBybyWav7eGvgkkTfZYDEd7HmQK6+Vkd9SYqWd+Q9HkGCRAAAAFQCrhZsuvIuZq5ERrnf5usmMPXlQkQAAAIAUqi61+T7Aa2UjE40hnO8rSVfFcuHE6BCmm0FMOoJQbD9xFTztZbDtZcna0db5l+6AYxtVInHjiYPj76/hYST5o286/28McWBF8+j8Nn/tHVUcWSjOE8EJG8Xh2GRxab6AOjgo/GAQli1qMxlJfCbOlcljVN8VDDF4XtPzqBPHtQAAAIBn7IOv9oM9dUiDZUNXa8s6UV46N4rqcD+HtgkltxDm+tRiI68kZsU5weTLnLRdZfv/o2P3S9TF3ncrS0YhgIFdGupI//28gH+Y4sYvrUSoRYJLiDELGm1+2pI06wXjPpUH2Iajr9TZ9eKWDIE+t2sz6lVqET95SynXq1UbeTsDjQ==
From the first hostname through the end of the key, the entry must be one long unbroken line; a single stray line break or space inside the base64 text makes the key unreadable, so edit it in a text editor that does not wrap long lines.
You may also use the hostname alone, or just the IP address, but the name must be the one the client actually connects to, as typed on the ssh command line; a host reached on a non-default port is written as [hostname]:port. The entries go in ~/.ssh/known_hosts for one user, or in /etc/ssh/ssh_known_hosts for every user on the client.
If you manually copy additional host keys into the known_hosts file, put each key on its own line. Blank lines and lines starting with # are ignored, so they do no harm, but a key that has been wrapped onto two lines will not be read.
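The known_hosts construction just described, together with the fingerprint check that the discussion below recommends (the same value ssh-keygen printed when the key was generated), as an added Python example that is not part of the original recipe. It does not shell out to ssh-keygen: the key line it works on is constructed from made-up bytes, and the hostnames are the ones used in the text. The SHA256 fingerprint is what current ssh-keygen -lf prints; the colon-separated MD5 form is the older output shown in the transcript above.

```python
# Added example, not from the original text: build a known_hosts entry from an
# OpenSSH .pub line and compute the fingerprints you would compare against the
# ssh-keygen output on the server.  SAMPLE_PUB is constructed from made-up
# bytes and matches no real host.
import base64
import hashlib
import hmac
import os
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH 'string': uint32 big-endian length, then bytes."""
    return struct.pack(">I", len(data)) + data


def pub_line(keytype: str, keybytes: bytes, comment: str = None) -> str:
    """Assemble a .pub style line "<keytype> <base64 blob> [comment]" for a key
    whose blob is the type string followed by the raw key bytes (the
    ssh-ed25519 layout)."""
    blob = base64.b64encode(ssh_string(keytype.encode()) + ssh_string(keybytes)).decode()
    return f"{keytype} {blob}" + (f" {comment}" if comment else "")


# Constructed sample (32 key bytes 0x01..0x20), in the layout ssh-keygen writes.
SAMPLE_PUB = pub_line("ssh-ed25519", bytes(range(1, 33)), "root@windbag")


def parse_pub(line: str):
    """Return (keytype, base64 blob, comment-or-None) for a .pub line or a
    known_hosts key field, checking that the blob's first string field really
    names the advertised key type."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("not a public key line")
    keytype, blob = parts[0], parts[1]
    comment = " ".join(parts[2:]) or None
    raw = base64.b64decode(blob, validate=True)   # rejects stray spaces/newlines
    (n,) = struct.unpack(">I", raw[:4])
    if raw[4:4 + n] != keytype.encode():
        raise ValueError("key type field does not match the key blob")
    return keytype, blob, comment


def known_hosts_entry(pub_line_text: str, names) -> str:
    """Known_hosts line: comma-separated names with no spaces, one space, then
    key type and blob.  The trailing comment is dropped; ssh would ignore it."""
    keytype, blob, _ = parse_pub(pub_line_text)
    for name in names:
        if not name or "," in name or any(c.isspace() for c in name):
            raise ValueError(f"bad host name {name!r}")
    return f"{','.join(names)} {keytype} {blob}"


def fingerprint_sha256(pub_line_text: str) -> str:
    """The value ssh-keygen -lf prints by default: SHA256:<base64, no '='>."""
    _, blob, _ = parse_pub(pub_line_text)
    digest = hashlib.sha256(base64.b64decode(blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def fingerprint_md5(pub_line_text: str) -> str:
    """The legacy colon-separated MD5 form (ssh-keygen -E md5 -lf), which is
    the format shown in the transcript above."""
    _, blob, _ = parse_pub(pub_line_text)
    hexdigest = hashlib.md5(base64.b64decode(blob)).hexdigest()
    return ":".join(hexdigest[i:i + 2] for i in range(0, 32, 2))


def hashed_hostname(name: str, salt: bytes = None) -> str:
    """Hostname field as written with HashKnownHosts yes:
    |1|base64(salt)|base64(HMAC-SHA1(salt, name))."""
    salt = salt if salt is not None else os.urandom(20)
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


def entry_matches(entry: str, pub_line_text: str) -> bool:
    """True if a known_hosts entry carries exactly the key in pub_line_text.
    Decoded bytes are compared, so a cosmetic base64 difference cannot hide a
    substituted key."""
    fields = entry.split()
    keytype, blob = fields[1], fields[2]
    ptype, pblob, _ = parse_pub(pub_line_text)
    return keytype == ptype and base64.b64decode(blob) == base64.b64decode(pblob)


if __name__ == "__main__":
    entry = known_hosts_entry(SAMPLE_PUB, ["windbag.carla.com", "192.168.1.10"])
    print(entry)
    print(fingerprint_sha256(SAMPLE_PUB))
    print(fingerprint_md5(SAMPLE_PUB))
```

Compare the SHA256 (or MD5) value this prints for the real .pub file against what ssh-keygen printed on the server, over a channel the attacker cannot touch (console, phone, or the USB key itself); if they differ, the key you hold is not the server's.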
How much of a risk is there in an automatic host key transfer? The risk is small but real: a man-in-the-middle attack on a first connection is difficult to carry out quietly, but not impossible, and once a wrong key has been accepted the client trusts it for every later connection. Verifying the host's IP address and public key fingerprint out of band before accepting the key is a simple and effective precaution.
It really depends on how determined an attacker is to penetrate your network. The attacker first has to intercept your connection in a way that does not draw attention, then spoof the IP address of your trusted server (which is easy). The public key fingerprint itself cannot practically be forged; the attacker can only present a different key and hope you do not compare fingerprints, and because most users do not bother to verify them, most times that is not even necessary. Then, when you type "yes" to accept the key, you get the attacker's host key. To avoid detection, the attacker passes on all traffic between you and the trusted server while capturing and reading everything that passes between the two of you.
How hard is it to hijack Ethernet traffic? On the LAN, it's easy—check out the arpspoof utility, which is part of the Dsniff suite of network auditing and penetration-testing tools. How trustworthy are your LAN users? Over the Internet, the attacker would have to compromise your DNS, which is possible, but not easy, assuming your DNS is competently managed. Or, be in a position of trust and a place to wreak mischief, such as an employee at your ISP.
In short, it's a small risk, and the decision is yours.