Support for UserKnownHostsFile tokens?

asymptosis asymptosis at posteo.net
Sat Sep 5 13:01:46 AEST 2020


Hi Damien/all,

Since GitHub etc. use a potentially large number of IP addresses (albeit with a small number of keys), I'd like more granular oversight over their entries in my known_hosts.

E.g., here is a simplified stanza from my current ssh config:

    Host github gitlab
        User git
        Hostname %h.com
        UserKnownHostsFile ~/.ssh/known_hosts.d/git

There doesn't seem to be a good way to filter only certain hosts from that UserKnownHostsFile. When looking to remove outdated entries, I'd like to be able to tell which IP addresses and keys belonged to, say, GitHub -- at any time in the past.

I wondered if you would be willing to add a feature where we can shape the UserKnownHostsFile using tokens, similar to AuthorizedKeysFile for sshd config? My new config taking advantage of this feature could look like the following:

    Host github gitlab
        User git
        Hostname %h.com
        UserKnownHostsFile ~/.ssh/known_hosts.d/%h

I know I could split out UserKnownHosts to go under a sequence of individual Hosts entries, but that seems inelegant when I'm already combining multiple hosts due to their similar configs.

Sorry if in fact it's already possible somehow. I didn't see anything in `man ssh_config` or via a web search.


Cheers,


A
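Added example, not part of the original message and not OpenSSH code: one way to audit a combined known_hosts file such as the `known_hosts.d/git` file above is to group its entries by key fingerprint, so that the many addresses sharing a service's few keys are listed together. The function names, host names, addresses and key blobs are constructed for illustration.

```python
import base64
import hashlib
from collections import defaultdict

def _blob(label):
    # Constructed stand-in for a public key blob; not a real host key.
    return base64.b64encode(label.encode()).decode()

KEY_A, KEY_B = _blob("constructed-key-A"), _blob("constructed-key-B")

# Constructed sample of a combined known_hosts file (documentation addresses).
SAMPLE = f"""\
# combined file, e.g. ~/.ssh/known_hosts.d/git
git-a.example.com,192.0.2.10 ssh-ed25519 {KEY_A}
192.0.2.11 ssh-ed25519 {KEY_A}
|1|c2FsdA==|aGFzaA== ssh-ed25519 {KEY_A}
git-b.example.com,198.51.100.7 ssh-ed25519 {KEY_B} added 2020
@revoked old.example.com ssh-rsa {KEY_B}
"""

def fingerprint(b64_key):
    """SHA256 fingerprint in the form `ssh-keygen -l` prints it."""
    digest = hashlib.sha256(base64.b64decode(b64_key)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def group_by_key(text):
    """Map (marker, keytype, fingerprint) -> sorted list of host patterns."""
    groups = defaultdict(set)
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        # Optional leading marker: @cert-authority or @revoked.
        marker = fields.pop(0) if fields[0].startswith("@") else ""
        if len(fields) < 3:
            continue  # malformed: needs hosts, keytype and key
        hosts, keytype, key = fields[:3]
        for host in hosts.split(","):
            # Hashed names (|1|salt|hash) cannot be reversed, only counted
            # under the key they were stored with.
            name = "<hashed>" if host.startswith("|1|") else host
            groups[(marker, keytype, fingerprint(key))].add(name)
    return {k: sorted(v) for k, v in groups.items()}

if __name__ == "__main__":
    for (marker, keytype, fp), hosts in group_by_key(SAMPLE).items():
        print(marker or "-", keytype, fp)
        for host in hosts:
            print("   ", host)
```

Entries stored with hashed host names can still be attributed to a service through the shared key, which is the only link left once the name is hashed.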

