Human readable .ssh/known_hosts?

Mauricio Tavares raubvogel at gmail.com
Wed Sep 30 20:35:11 AEST 2020


On Tue, Sep 29, 2020 at 6:46 AM Damien Miller <djm at mindrot.org> wrote:
>
> On Tue, 29 Sep 2020, Martin Drescher wrote:
>
> > Hi list members,
> >
> > just tried to get some old records out of my known_hosts, which is
> > 'HashKnownHosts yes'. Is there a way to unhash host names and/or
> > IPs? Google tells about how to add hosts, but not the opposite; maybe
> > I am missing something. If this does not work at all, is there a best
> > practice for cleaning old hosts and keys out?
>
> The hashing is intentionally one-way - you can't go backwards from a
> hash to a hostname without an inordinate amount of work.
>
> You can however find and delete hosts by name using ssh-keygen.
>
> To find entries matching a hostname, use "ssh-keygen -F hostname", e.g.
>
> $ ssh-keygen -lF haru.mindrot.org
> # Host haru.mindrot.org found: line 146
> haru.mindrot.org ECDSA SHA256:xjGrsgS6JzMojD3go1qULmh02LG8YpRirOwmoHnT/3M
> # Host haru.mindrot.org found: line 165
> haru.mindrot.org RSA SHA256:9nN+SOkKCQq6BLzybAUNlczAU0n+HbOIDxIrBIbPPmU
> # Host haru.mindrot.org found: line 166
> haru.mindrot.org ED25519 SHA256:43S30LGUkc2f9dDcLZG6O5KPKtPn7Xw2WkR2vCO/nnU
>
On a side note, I see *some* entries in .ssh/known_hosts
showing the hostname or IP, while others do not. What causes this lack
of consistency?

> (the -l flag tells it to print fingerprints instead of full keys)
>
> You can also delete entries using "ssh-keygen -R hostname".
>
> -d
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

