Human readable .ssh/known_hosts?

Damien Miller djm at mindrot.org
Tue Sep 29 20:44:28 AEST 2020


On Tue, 29 Sep 2020, Martin Drescher wrote:

> Hi list members,
>
> just tried to get some old records out of my known_hosts, which is
> 'HashKnownHosts yes'. Is there a way to unhash host names and/or
> IPs? Google tells about how to add hosts, but not the opposite; maybe
> I am missing something. If this does not work at all, is there a best
> practice for cleaning old hosts and keys out?

The hashing is intentionally one-way - you can't go backwards from a
hash to a hostname without an inordinate amount of work.

You can however find and delete hosts by name using ssh-keygen.

To find entries matching a hostname, use "ssh-keygen -F hostname", e.g.

$ ssh-keygen -lF haru.mindrot.org
# Host haru.mindrot.org found: line 146 
haru.mindrot.org ECDSA SHA256:xjGrsgS6JzMojD3go1qULmh02LG8YpRirOwmoHnT/3M
# Host haru.mindrot.org found: line 165 
haru.mindrot.org RSA SHA256:9nN+SOkKCQq6BLzybAUNlczAU0n+HbOIDxIrBIbPPmU
# Host haru.mindrot.org found: line 166 
haru.mindrot.org ED25519 SHA256:43S30LGUkc2f9dDcLZG6O5KPKtPn7Xw2WkR2vCO/nnU

(the -l flag tells it to print fingerprints instead of full keys)

You can also delete entries using "ssh-keygen -R hostname".

-d
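
An added example, not part of the original message and not OpenSSH's own code: a hashed host field has the form |1|base64(salt)|base64(HMAC-SHA1(key=salt, message=hostname)), so an entry can only be located by hashing a name you already know with each line's salt and comparing, which is the lookup "ssh-keygen -F" performs. The function names, hostnames, salts and key blobs below are constructed for illustration.

```python
import base64
import hashlib
import hmac

HASH_MAGIC = "|1|"  # prefix OpenSSH puts in front of a hashed host field


def hash_host(host, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return f"{HASH_MAGIC}{base64.b64encode(salt).decode()}|{base64.b64encode(mac).decode()}"


def host_field_matches(field, host):
    """True if one host field (hashed, or a plain comma-separated list) names `host`."""
    if not field.startswith(HASH_MAGIC):
        return host in field.split(",")  # plain entry; wildcard patterns not handled
    try:
        salt_b64, mac_b64 = field[len(HASH_MAGIC):].split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        want = base64.b64decode(mac_b64, validate=True)
    except ValueError:
        return False  # malformed hashed field never matches
    return hmac.compare_digest(hmac.new(salt, host.encode(), hashlib.sha1).digest(), want)


def find_host(lines, host):
    """(line_number, key_type) per entry naming `host`; comment lines never match."""
    hits = []
    for number, line in enumerate(lines, start=1):
        parts = line.split()
        if len(parts) >= 2 and host_field_matches(parts[0], host):
            hits.append((number, parts[1]))
    return hits


def remove_host(lines, host):
    """Return the lines with every entry naming `host` dropped (same idea as -R)."""
    doomed = {n for n, _ in find_host(lines, host)}
    return [l for n, l in enumerate(lines, start=1) if n not in doomed]


# Constructed sample file: fixed salts and placeholder key blobs, not real host keys.
SAMPLE = [
    hash_host("old.example.org", b"A" * 20) + " ssh-ed25519 AAAA_PLACEHOLDER_KEY_1",
    hash_host("keep.example.org", b"B" * 20) + " ssh-rsa AAAA_PLACEHOLDER_KEY_2",
    hash_host("old.example.org", b"C" * 20) + " ecdsa-sha2-nistp256 AAAA_PLACEHOLDER_KEY_3",
    "plain.example.org,192.0.2.10 ssh-ed25519 AAAA_PLACEHOLDER_KEY_4",
]
```

Because every line carries its own salt, the two entries for old.example.org have different hashed fields and are found only by recomputing the HMAC per line.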

