ssh-keygen
If you’re using the experimental hostname hashing feature described earlier, ssh-keygen has some new command-line options to support it.
Hashing Your Known Hosts File
ssh-keygen can convert your known_hosts file to use hashes with the -H option:
$ ssh-keygen -H
Warning
The ssh-keygen manpage claims that the results of ssh-keygen -H are written to standard output, but this is not true. The command modifies your ~/.ssh/known_hosts file directly. It also stashes a copy of the old file in ~/.ssh/known_hosts.old for safety, but don’t depend on this: running ssh-keygen -H twice obliterates the safe copy.
Managing Hosts
Once you’ve hashed your hostnames, it’s hard to edit the known_hosts file because you can’t read which line corresponds to which host. ssh-keygen provides new commands for locating and removing hosts from the file. To locate a particular host in the file, use the -F option:
$ ssh-keygen -F server.example.com
# Host server.example.com found: line 3 type RSA1
server.example.com 1024 35 1301302858553510086.....
To remove a known host, use the -R option and provide the original hostname:
$ ssh-keygen -R server.example.com
/home/smith/.ssh/known_hosts updated.
Original contents retained as /home/smith/.ssh/known_hosts.old
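To make the -F and -R behaviour on a hashed file concrete, here is an added example (not code from the book or from OpenSSH) that reimplements the lookup in Python. It assumes the OpenSSH hashed-entry layout `|1|<base64 salt>|<base64 HMAC-SHA1(salt, hostname)>|`, and the known_hosts lines it runs on are constructed. Because the hash is one-way, the lookup only works when you already know the original hostname, which is exactly why ssh-keygen -R needs it.

```python
import base64
import hashlib
import hmac

HASH_MAGIC = "|1|"  # prefix OpenSSH puts on hashed host fields


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Return the hashed host field '|1|<salt>|<mac>|' for a hostname and salt."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return (HASH_MAGIC + base64.b64encode(salt).decode()
            + "|" + base64.b64encode(mac).decode() + "|")


def host_matches(entry: str, hostname: str) -> bool:
    """True if a known_hosts line's host field names hostname (plain list or hashed)."""
    if not entry.strip() or entry.lstrip().startswith("#"):
        return False  # blank line or comment
    host_field = entry.split()[0]
    if host_field.startswith(HASH_MAGIC):
        try:
            _, _, salt_b64, _mac_b64, _ = host_field.split("|")
            salt = base64.b64decode(salt_b64, validate=True)
        except ValueError:
            return False  # malformed hashed field
        # Recompute the hash with the stored salt; constant-time compare.
        return hmac.compare_digest(host_field, hash_hostname(hostname, salt))
    return hostname in host_field.split(",")  # unhashed "name,alias,ip" list


def find_host(lines, hostname):
    """Like ssh-keygen -F: 1-based line numbers whose host field matches."""
    return [i for i, line in enumerate(lines, 1) if host_matches(line, hostname)]


def remove_host(lines, hostname):
    """Like ssh-keygen -R: the file contents with matching entries dropped."""
    return [line for line in lines if not host_matches(line, hostname)]


# Constructed sample file: one plain entry, one hashed entry (fixed salt for reproducibility).
SAMPLE_SALT = bytes(range(20))
SAMPLE_LINES = [
    "# constructed known_hosts for the example",
    "other.example.com,10.0.0.5 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5 constructed",
    hash_hostname("server.example.com", SAMPLE_SALT) + " ssh-rsa AAAAB3NzaC1yc2E= constructed",
]

if __name__ == "__main__":
    print("server.example.com found on line(s):", find_host(SAMPLE_LINES, "server.example.com"))
    print("after -R:", remove_host(SAMPLE_LINES, "server.example.com"))
```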
Get SSH, The Secure Shell: The Definitive Guide, 2nd Edition now with the O’Reilly learning platform.