Diagnosis and Resolution of SSH known_hosts Directory Issues

Nov 23, 2025 · Programming

Keywords: SSH | known_hosts | permission_repair | GitHub | terminal_debugging

Abstract: This paper provides an in-depth analysis of the "Failed to add the host to the list of known hosts" error in SSH connections, focusing on the common problem where known_hosts is mistakenly created as a directory. Through detailed examination of SSH host key verification mechanisms, it offers comprehensive diagnostic procedures and solutions including file permission repairs, directory structure reconstruction, and debugging techniques to help developers completely resolve SSH authentication issues.

Problem Background and Error Analysis

During SSH connection establishment, when a client connects to a remote server for the first time, the system prompts the user to verify the server's host key fingerprint. If the user selects "yes", the SSH client writes the host's public key information to the ~/.ssh/known_hosts file for subsequent connection verification. However, in certain scenarios, even after confirming the connection, the system still reports the "Failed to add the host to the list of known hosts" error.

Core Issue: known_hosts Mistakenly Created as Directory

According to the file permission listing in the problem description:

drwx------  5 sasha  staff   170B Jul 15 09:56 known_hosts

The leading d in drwx------ indicates that known_hosts is actually a directory, not the expected regular file. When the SSH client attempts to write host keys, it expects known_hosts to be a text file. Because the target path points to a directory, the write operation fails and produces the error message above.

Solution Implementation Steps

Step 1: Remove Incorrect Directory Structure

First, remove the known_hosts that was mistakenly created as a directory:

rm -rf ~/.ssh/known_hosts

This command recursively deletes the entire known_hosts directory and its contents. Since the directory may contain important PEM files or other SSH keys, back up any critical data before running it.

Step 2: Rebuild Correct File Structure

After directory removal, the SSH client will automatically create the correct known_hosts file upon the next successful connection. This can be triggered with:

ssh -T git@github.com

When the system prompts for host key confirmation again, select "yes", and the SSH client will create a new known_hosts file and write GitHub's host key to it.
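Steps 1 and 2 can also be done without deleting anything. The following script is an added example, not part of the original article: it classifies the state of known_hosts and, when it is a directory, renames it to a backup instead of running rm -rf. The function names and the backup naming scheme are assumptions, and the demo runs in a scratch directory rather than the real ~/.ssh.

```shell
#!/bin/sh
# Added example, not from the original article. Function names and the
# backup naming scheme are assumptions chosen for illustration.

# Print the state of DIR/known_hosts: ok | missing | directory | symlink |
# other | not-writable
diagnose_known_hosts() {
    kh="$1/known_hosts"
    if   [ -L "$kh" ]; then echo symlink        # test first: -d/-f follow links
    elif [ -d "$kh" ]; then echo directory      # the case from the article
    elif [ ! -e "$kh" ]; then echo missing      # ssh creates it on next connect
    elif [ ! -f "$kh" ]; then echo other        # socket, device, FIFO ...
    elif [ ! -w "$kh" ]; then echo not-writable # ownership or mode problem
    else echo ok
    fi
}

# Repair DIR/known_hosts without deleting anything: a directory is renamed
# to a timestamped backup, then an empty mode-0600 file takes its place.
repair_known_hosts() {
    dir="$1"
    state=$(diagnose_known_hosts "$dir")
    case "$state" in
        ok) return 0 ;;
        missing) ;;
        directory)
            backup="$dir/known_hosts.dir-backup.$(date +%Y%m%d%H%M%S)"
            mv "$dir/known_hosts" "$backup" || return 1
            echo "moved directory to $backup" >&2 ;;
        *)  echo "known_hosts is '$state'; inspect it by hand" >&2
            return 1 ;;
    esac
    ( umask 077 && : > "$dir/known_hosts" ) || return 1
    chmod 600 "$dir/known_hosts"
}

# Constructed demo: reproduce the article's situation in a scratch directory
# so nothing under the real ~/.ssh is touched.
demo=$(mktemp -d)
mkdir "$demo/known_hosts"
: > "$demo/known_hosts/stray.pem"   # stands in for files left inside it
echo "before: $(diagnose_known_hosts "$demo")"
repair_known_hosts "$demo"
echo "after:  $(diagnose_known_hosts "$demo")"
rm -rf "$demo"
```

On a real account, call repair_known_hosts "$HOME/.ssh" and then run ssh -T git@github.com as in Step 2 to record the host key.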

Supplementary Diagnostics and Permission Repair

While the primary issue is incorrect file type, other permission problems can cause similar errors. Here's the complete permission repair solution:

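# Directory: owner-only access (rwx------)
sudo chmod 700 ~/.ssh/
# Files inside it: owner read/write only (rw-------)
sudo chmod 600 ~/.ssh/*
# Owner: the current user
sudo chown -R "${USER}" ~/.ssh/
# Group: the user's primary group ("staff" in the listing above, not the user name)
sudo chgrp -R "$(id -gn)" ~/.ssh/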

These commands ensure:

Advanced Debugging Techniques

For complex SSH issues, use verbose mode to obtain detailed diagnostic information:

ssh -v git@github.com
ssh -vv git@github.com

The -v flag provides basic debugging information, while -vv offers more detailed output. This information helps identify:

Preventive Measures and Best Practices

To prevent similar issues from recurring, consider:

Technical Principles Deep Dive

The SSH host key verification mechanism is based on asymmetric (public-key) cryptography. When a client connects to a server for the first time:

  1. The server sends its host public key
  2. The client calculates the public key fingerprint and displays it to the user
  3. After user confirmation of the correct fingerprint, the client writes the public key to known_hosts
  4. For subsequent connections, the client verifies whether the server's public key matches the record in known_hosts

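This mechanism protects later connections against man-in-the-middle attacks, as long as the fingerprint accepted on the first connection was the genuine one. When the known_hosts file cannot be written, no record is stored, so the client has nothing to compare against on subsequent connections and the verification chain is broken.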

Copyright Notice: All rights in this article are reserved by the operators of DevGex. Reasonable sharing and citation are welcome; any reproduction, excerpting, or re-publication without prior permission is prohibited.