From my naive understanding of ssh, the server shares its public key ( /etc/shh/ssh_host_rsa_key.pub
) with the client, who then adds it to the list of known hosts ( /user/.ssh/known_hosts
). So, I would expect if I look in those two files to see a long identical string in both (the "key").
When I compare the text in these two files I can see a string in both which is the same at the beginning but then becomes different.
Why can't I see the same long string in both files (which I would assume is the key)?
- 143
- 4
-
Maybe the client only stores a hash where the server obviously would need the full key. – André Borie Aug 13 '16 at 04:25
-
An OpenSSH server normally has 3-4 keys, of different types to support possibly varying clients, but a client normally gets and stores in known_hosts only one of them -- make sure you are comparing the host key for the type stated in the client file. PS: it's not `shh`, although I do sometimes wish it were quieter. – dave_thompson_085 Mar 27 '21 at 22:19
2 Answers
For privacy.
With modern versions of OpenSSH, the known_hosts
file on the client contains a hash of the server name (or IP address), rather than the name directly. The reason for only storing a hash is that if someone obtains a copy of this file (e.g. leaked backup), they can't discover which servers are recorded, i.e. they can't discover which sites you connected to. They can verify guesses, of course: that's unavoidable since the legitimate client must be able to do this.
The ssh-keygen
utility has a few options to manipulate the known_hosts
entries, but of course can't convert a hash to the non-hash format. You can set HashKnownHosts no
in your client configuration (~/.ssh/config
) to turn off hashing, then the entries will be in a format where the public key is clearly visible.
- 51,415
- 13
- 121
- 180
-
I've never seen a version of OpenSSH that hashes the keyblobs, only the servernames -- and that not by default (at least in upstream, an installation or distro might change the default). – dave_thompson_085 Mar 27 '21 at 22:17
For me, it contains the same string. the server has:
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLmw2JjbKMO5LXTcJ67et6TBZeLff1WghM6koKjiHGh+gBbZzHrhDj20MuTxTB1kaTYh7f9T2G/zmhVpFMyUUoQ=
and the client has
|1|some_base64|more_base64 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLmw2JjbKMO5LXTcJ67et6TBZeLff1WghM6koKjiHGh+gBbZzHrhDj20MuTxTB1kaTYh7f9T2G/zmhVpFMyUUoQ=
.
man sshd
says, in part:
SSH_KNOWN_HOSTS FILE FORMAT
Each line in these files contains the following fields: markers (optional), hostnames, bits, exponent, modulus, comment. The fields are separated by spaces.
hostnames may be stored in a hashed form which hides host names and addresses should the file's contents be disclosed. Hashed hostnames start with a ‘|’ character.
Bits, exponent, and modulus are taken directly from the RSA host key; they can be obtained, for example, from /etc/ssh/ssh_host_key.pub. The optional comment field continues to the end of the line, and is not used.
-
1For me they are not the same, only the first 19 characters are identical (of the string starting with "AAAAE2...."). – kotozna Jun 19 '15 at 17:37
-
3can you decode the base64 and parse them according to this guide to see the difference? https://security.stackexchange.com/questions/42268/how-do-i-get-the-rsa-bit-length-with-the-pubkey-and-openssl/42272#42272 – Z.T. Jun 19 '15 at 18:20
-
FYI: your key is elliptic curve, but you quoted a section of the man page about rsa. Is there a more applicable section to quote? – Mike Ounsworth Apr 15 '16 at 03:12
-
1@MikeOunsworth actually that section of the manpage was and still is out of date. For SSH version 1, which is obsolete and broken and RSA only, .pub files and known_hosts and authorized_keys (all) used three decimal numbers. For v2 all use a string identifying the keytype/algorithm and a base64 blob, for RSA DSA several variants of ECDSA and ED255519 (although OpenSSH since 7.0 deprecates DSA). The authorized_keys format section of the manpage describes both v1 and v2 formats, but the known_hosts section doesn't. – dave_thompson_085 Jun 14 '16 at 04:20