0

Sorry if this question is stupid or doesn't make sense. What led me to ask this is that I noticed my known_hosts file has many (15) lines and I'm not sure why; I didn't think I had connected to this many servers? (I think this is what the known_hosts file is for based on my limited understanding of the answer to this post). There are no hostnames associated with each line (no comments after).

I used this command: ssh-keyscan -t rsa,dsa -f known_hosts > ~/.ssh/known_hosts_revised based on this post and it said for all of them, "Name or service not known".

I also tried running this perl script based on this answer and haven't got anything so far (it's been running a while).

I'm just going to clear the known_hosts file, but was wondering if this was actually an issue and if I should expect potentially negative issues as a result and try to do some fix. Thanks.

  • If your file matches the format shown in the _question_ (unix/q/31549) for your last link (unix/a/72368) namely `|1|somebase64|morebase64` that is the hashed format described in several other answers you apparently ignored, and Jasen references, and thus is not valid for `ssh-keyscan -f`. – dave_thompson_085 Oct 10 '21 at 01:51

2 Answers2

2

Known hosts usually has hashed records and some services that it is used for (eg: github) have multiple servers resulting in multiple records in the file.

You can delete the file and re-generate a new one, that will mean you'll get alerts from ssh for each server.

Jasen
  • 931
  • 5
  • 9
1

That's highly unlikely. If you're not on a shared computer, it's even less likely.

You can add HashKnownHosts no to your ~/.ssh/config to disable hashing the host names, then purge your ~/.ssh/known_hosts file, and then re-populate it over time as you log in to your various remote hosts. As Jasen answered, you'll have to repeat the process of accepting them again, but this way you'll be able to track them.

The command you found cannot work given hashed hosts list since you can't determine what the host was and therefore cannot connect to it to verify its keys.


Regarding the mess Github has in their servers, which share SSH private keys (a big taboo!), you can configure SSH to ignore the IP on their servers:

Host github.com *.github.com
  CheckHostIp no

This should reduce the prompts to confirm new keys to just the initial confirmation.

Adam Katz
  • 10,418
  • 2
  • 22
  • 48
  • Many thanks, will do. Now that I'm working with github again after an extended period of time, I'm realizing that many pulls often result in adding a new and different github IP to my known_hosts, and I'm hoping that was why there were so many. I hope y'all can excuse my paranoia – letslearnmath Oct 12 '21 at 13:43
  • 1
    Github is quite a mess. I've added a note about that. – Adam Katz Oct 12 '21 at 15:38