Understanding SSH known_hosts File with Examples

Table of Contents

The ssh known_hosts file is a file that stores the public key of all of the servers that you have connected using ssh. This file is used to verify the identity of servers in the future. Ssh can automatically add keys to this file, but they can be added manually as well.

Understanding SSH known_hosts

In SSH, public key cryptography is used for authenticating computers and users. Host keys authenticate hosts. Authorized keys and identity keys authenticate users.

In OpenSSH, the collection of known host keys is stored in /etc/ssh/known_hosts and in .ssh/known_hosts in each user’s home directory.

when connecting to a host for the first time, ssh usually adds the remote host’s public key to the user’s known_hosts file.

Format of known_hosts file

The format is one public key or certificate per unbroken line. Each line contains a hostname, number of bits, exponent, and modulus. At the beginning of the line is either the hostname or a hash representing the hostname.

It is possible to use a comma-separated list of hosts in the hostname field if a host has multiple names or if the same key is used on multiple machines in a server pool.

known_hosts Example

Here is one example of host key with IP: ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItb

Understanding SSH authorized_keys file with Examples

What is the purpose of known_hosts file

This file is local to the user account and contains the known keys for remote hosts. These are collected from the hosts when connecting for the first time.As with those keys stored in the file, ~/.ssh/known_hosts, these keys are used to verify the identity of the remote host, thus protecting against impersonation or man-in-the-middle attacks.

With each subsequent connection, the key will be compared to the key provided by the remote server. If there is a match, the connection will proceed. If the match fails, ssh will fail with an error message.

If there is no key at all listed for that remote host, then the key’s fingerprint will be displayed and there will be the option to automatically add the key to the file.

This file can be created and edited manually, but if it does not exist it will be created automatically by ssh when it first connects to a remote host.

Add public key to known_hosts manually

We can use ssh-keygen with -F option to search known_hosts file. $ ssh-keygen -F . The default file to be searched will be ~/.ssh/known_hosts and the key is printed if found.

A different file can be searched using the -f option. If a key must be removed from the file, the -R option works similarly to search by host and then remove it if found even if the host name is hashed.

$ ssh-keygen -R -f ~/.ssh/known_hosts

When a key is removed, it will then be appended to the file ~/.ssh/known_hosts.old in case it is needed later. If a non-default file is used with either -F or -R then the name including the path must be specified using -f. But -f is optional if the default file is intended.

3 Ways to fix remote host identification has changed

How to view the ssh known_hosts file?

To view the ssh know_hosts file on your Linux system, you can use the following command:

cat ~/.ssh/known_hosts
vi ~/.ssh/known_hosts

To add a new host to the ssh know_hosts file, you can use the following command:

$ ssh-keyscan -t rsa [] >> ~/.ssh/known_hosts
$ ssh-keyscan -H >> ~/.ssh/known_hosts

To remove a host from the know hosts file, you can use the following command:

$ ssh-keygen -R []
$ ssh-keygen -r []

Where should I store my ssh known_hosts file?

The ssh known_hosts file should be stored in the ~/.ssh directory. For example, the full path to the ssh know_hosts file is: ~/.ssh/known_hosts

What are some common problems with the ssh known_hosts file?

The ssh know_hosts file is a file that stores information about hosts that you have connected to using ssh. This file can help to prevent man-in-the-middle attacks by verifying the host key before connecting.

A common problem with the ssh know_hosts file is when you try to connect to a host and get an error message: “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!”

This usually happens if you changed out hardware on the server that you are connecting to, or if there was some other change in settings on the remote server.

If you get this error message, you can fix it by removing the host from your ssh know_hosts file and adding it back again:

$ ssh-keygen -R []
$ ssh-keyscan -t rsa [] >> ~/.ssh/known_hosts
$ ssh-keyscan -H >> ~/.ssh/known_hosts

Another common problem with the ssh know_hosts file is when you try to connect to a host and get an error message: “WARNING: POSSIBLE DNS SPOOFING DETECTED!” .

This usually happens when you try to connect to a host that does not exist.

If you get this error message, then check your /etc/hosts file and make sure that the name of the remote server is there and it has a valid IP address assigned to it.

David Cao
David Cao

Hey there! I am David, a Cloud & DevOps Enthusiast and 18 years of experience as a Linux engineer. I work with AWS, Git & GitHub, Linux, Python, Ansible, and Bash. I am a technical blogger and a Software Engineer, enjoy sharing my learning and contributing to open-source.