Understanding SSH known_hosts File

The known_hosts file contains a list of public keys for all the hosts to which the user has connected with ssh. It is used for verifying the identity of other systems.

Ssh can automatically add keys to the user’s file, but they can be added manually as well.

In SSH, public key cryptography is used for authenticating computers and users. Host keys authenticate hosts. Authorized keys and identity keys authenticate users.

In OpenSSH, the collection of known host keys is stored in /etc/ssh/known_hosts and in .ssh/known_hosts in each user’s home directory.

When connecting to a host for the first time, ssh usually adds the remote host’s public key to the user’s known_hosts file.

Format of known_hosts file

The format is one public key or certificate per unbroken line. Each line contains a hostname, number of bits, exponent, and modulus.

At the beginning of the line is either the hostname or a hash representing the hostname.

It is possible to use a comma-separated list of hosts in the hostname field if a host has multiple names or if the same key is used on multiple machines in a server pool.

Here are 3 examples for hosts with IPs:

10.254.171.53 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOs2di8vPqAZq2alIePOVVQF/CzuAeQNv4fZVf2pLxpGHle15zkpxOosckequUDxoqC9i/MebdBZ1GX5oSJdIb8=
10.254.171.50 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAsZmLU8H9+1LlNKTZkQQnbG02gjs3kOdBhcbYTAGmfib1FMtpyq+C4UxLhOPcuKP9U5P7bYcUFGcFnL14UCBcmgbHiq50CW8pcwcR7NoZmTIM0gRRXPwVWbfbXRHB2Pbg+6HQ2hf73EIxs90h3NDmmjH6FkBTGsQNzU7WBdaeh2oiyRZj3ZkYxI0IHjDbRi8WMqDoIgeh5BIagIijilUGxLzfX0VIMKkiOVMFANWNd/NG+st6orIHtomHDzQTeI9q669I7lZ8xH77gHm+TbnER4qNYUjJO4msqXfhtHNRGVZIaLpptPkkVBPkPhPob8rPH0dMctpYvZSQVRIFzZvezw==
149.248.34.68 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKNaPP6SHIvAbqiWuJxJ6yVczl+8qT4ilmOYksPNn/7i8J6uSrBB+PHwn2STnN7FR2qBtHGkFHZvMXk3diXXDSM=

What is the purpose of known_hosts file

This file is local to the user account and contains the known keys for remote hosts. Often these are collected from the hosts when connecting for the first time.

The keys stored in ~/.ssh/known_hosts are used to verify the identity of the remote host, thus protecting against impersonation or man-in-the-middle attacks.

With each subsequent connection the key will be compared to the key provided by the remote server.

If there is a match, the connection will proceed. If the match fails, ssh(1) will fail with an error message.

If there is no key at all listed for that remote host, then the key’s fingerprint will be displayed and there will be the option to automatically add the key to the file.

This file can be created and edited manually, but if it does not exist it will be created automatically by ssh(1) when it first connects to a remote host.

Add public key to known_hosts manually

We can use ssh-keygen with the -F option to search the known_hosts file.

$ ssh-keygen -F server3.example.com

The default file to be searched will be ~/.ssh/known_hosts and the key is printed if found. A different file can be searched using the -f option.

If a key must be removed from the file, the -R option works similarly: it searches by host and removes the entry if found, even if the host name is hashed.

$ ssh-keygen -R server4.example.com -f ~/.ssh/known_hosts

When a key is removed, it will then be appended to the file ~/.ssh/known_hosts.old in case it is needed later.

If a non-default file is used with either -F or -R, then its name, including the path, must be given with -f; -f is optional if the default file is intended.
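As an added example (not code from the article or from OpenSSH), the Python below parses known_hosts lines in the format described above, checks that the key type stored inside the base64 blob agrees with the key type field, computes the SHA256 fingerprint ssh shows when a host is unknown, and reproduces the ssh-keygen -F lookup for both plain and hashed hostname fields. The sample entry is the article's first example re-joined onto one line; the function names, the constructed salt and the ed25519 test entry are this example's own choices, and wildcard and [host]:port hostname forms are not handled.

```python
import base64, hashlib, hmac, struct

# Constructed sample input: the article's first IP-keyed entry re-joined onto a single line.
SAMPLE_ENTRY = (
    "10.254.171.53 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBB"
    "Os2di8vPqAZq2alIePOVVQF/CzuAeQNv4fZVf2pLxpGHle15zkpxOosckequUDxoqC9i/MebdBZ1GX5oSJdIb8="
)

def parse_known_hosts_line(line):
    """Fields: optional @marker, comma-separated hostnames, key type, base64 blob, comment."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None                                # blank or comment line
    marker = None
    if line.startswith("@"):                       # @cert-authority / @revoked
        marker, line = line.split(None, 1)
    fields = line.split(None, 3)
    if len(fields) < 3:
        raise ValueError("malformed known_hosts line: %r" % line)
    hosts, keytype, b64 = fields[:3]
    return {"marker": marker, "hosts": hosts.split(","), "keytype": keytype,
            "blob": base64.b64decode(b64), "comment": fields[3] if len(fields) == 4 else ""}

def blob_keytype(blob):
    """Key type string at the front of the wire-format blob (uint32 length + bytes)."""
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")

def fingerprint_sha256(blob):
    """Fingerprint as ssh-keygen -l prints it: SHA256:<unpadded base64 of the digest>."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def hash_hostname(hostname, salt):
    """Hashed hostname field |1|<salt>|<HMAC-SHA1(salt, hostname)>| as written with HashKnownHosts."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s|" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, hostname):
    """Match one hostname field, plain or hashed (wildcard and [host]:port forms not handled)."""
    if field.startswith("|1|"):
        salt = base64.b64decode(field.split("|")[2])
        return hmac.compare_digest(hash_hostname(hostname, salt), field)
    return field == hostname

def find_host_keys(lines, hostname):
    """What ssh-keygen -F does: return every entry whose hostname list covers the host."""
    entries = (parse_known_hosts_line(l) for l in lines)
    return [e for e in entries if e and any(host_matches(h, hostname) for h in e["hosts"])]
```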
