Human readable .ssh/known_hosts?

Damien Miller djm at
Tue Sep 29 20:44:28 AEST 2020

On Tue, 29 Sep 2020, Martin Drescher wrote:

> Hi list members,
> just tried to get some old records out of my known_hosts, which is
> 'HashKnownHosts yes'. Is there a way to unhash host names and/or
> IPs? Google tells about, how to add hosts, but not the opposite, may
> be I miss some thing. Is this does not work at all, is there a best
> practice for cleaning old hosts and keys out?

The hashing is intentionally one-way - you can't go backwards from a
hash to a hostname without an inordinate amount of work.

You can however find and delete hosts by name using ssh-keygen.

To find entries matching a hostname, use "ssh-keygen -F hostname", e.g.

$ ssh-keygen -lF
# Host found: line 146 ECDSA SHA256:xjGrsgS6JzMojD3go1qULmh02LG8YpRirOwmoHnT/3M
# Host found: line 165 RSA SHA256:9nN+SOkKCQq6BLzybAUNlczAU0n+HbOIDxIrBIbPPmU
# Host found: line 166 ED25519 SHA256:43S30LGUkc2f9dDcLZG6O5KPKtPn7Xw2WkR2vCO/nnU

(the -l flag tells it to print fingerprints instead of full keys)

You can also delete entries using "ssh-keygen -R hostname".


More information about the openssh-unix-dev mailing list