How to remove old entries from known_hosts?

Brian Candler b.candler at
Wed Feb 14 23:36:44 AEDT 2024

On 14/02/2024 11:42, Chris Green wrote:
> Is there any way to remove old entries from the known_hosts file? With
> the hashed 'names' one can't easily see which entries are which.  I
> have around 150 lines in my known hosts but in reality I only ssh to a
> dozen or so systems.  All the redundant ones are because I have a
> mixed population of Raspberry Pis and such on my LAN and they get
> rebuilt fairly frequently and thus, each time, get a new entry in
> known_hosts.
> As a result I have to set 'PreferredAuthentications password' for some
> systems because there are *loads* of redundant keys which cause login
> to fail otherwise.
Set 'HashKnownHosts no' in /etc/ssh/ssh_config.  This is actually the 
default for OpenSSH, but many distro vendors set it to yes because "it's 
more secure, obvs".

Connect to all the machines you need to and delete the lines which 
conflict (ssh will tell you the line number). When your known_hosts 
seems to contain the hosts you want, delete all the hashed ones. Or 
simply start from scratch with an empty known_hosts.

To disable host key checking altogether for certain domains and/or 
networks, you can put this in ~/.ssh/config:

host * 10.11.*
   StrictHostKeyChecking no
   UserKnownHostsFile /dev/null

More information about the openssh-unix-dev mailing list