
From my naive understanding of ssh, the server shares its public key ( /etc/shh/ssh_host_rsa_key.pub ) with the client, who then adds it to the list of known hosts ( /user/.ssh/known_hosts ). So, I would expect if I look in those two files to see a long identical string in both (the "key"). When I compare the text in these two files I can see a string in both which is the same at the beginning but then becomes different. Why can't I see the same long string in both files (which I would assume is the key)?

kotozna
  • Maybe the client only stores a hash where the server obviously would need the full key. – André Borie Aug 13 '16 at 04:25
  • An OpenSSH server normally has 3-4 keys, of different types to support possibly varying clients, but a client normally gets and stores in known_hosts only one of them -- make sure you are comparing the host key for the type stated in the client file. PS: it's not `shh`, although I do sometimes wish it were quieter. – dave_thompson_085 Mar 27 '21 at 22:19

2 Answers


For privacy.

With modern versions of OpenSSH, the known_hosts file on the client contains a hash of the server name (or IP address), rather than the name directly. The reason for only storing a hash is that if someone obtains a copy of this file (e.g. leaked backup), they can't discover which servers are recorded, i.e. they can't discover which sites you connected to. They can verify guesses, of course: that's unavoidable since the legitimate client must be able to do this.

The ssh-keygen utility has a few options to manipulate the known_hosts entries, but of course can't convert a hash to the non-hash format. You can set HashKnownHosts no in your client configuration (~/.ssh/config) to turn off hashing, then the entries will be in a format where the public key is clearly visible.

Gilles 'SO- stop being evil'
  • I've never seen a version of OpenSSH that hashes the keyblobs, only the servernames -- and that not by default (at least in upstream, an installation or distro might change the default). – dave_thompson_085 Mar 27 '21 at 22:17

For me, it contains the same string. The server has: ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLmw2JjbKMO5LXTcJ67et6TBZeLff1WghM6koKjiHGh+gBbZzHrhDj20MuTxTB1kaTYh7f9T2G/zmhVpFMyUUoQ=

and the client has

|1|some_base64|more_base64 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLmw2JjbKMO5LXTcJ67et6TBZeLff1WghM6koKjiHGh+gBbZzHrhDj20MuTxTB1kaTYh7f9T2G/zmhVpFMyUUoQ=

man sshd says, in part:

SSH_KNOWN_HOSTS FILE FORMAT

Each line in these files contains the following fields: markers (optional), hostnames, bits, exponent, modulus, comment. The fields are separated by spaces.

hostnames may be stored in a hashed form which hides host names and addresses should the file's contents be disclosed. Hashed hostnames start with a ‘|’ character.

Bits, exponent, and modulus are taken directly from the RSA host key; they can be obtained, for example, from /etc/ssh/ssh_host_key.pub. The optional comment field continues to the end of the line, and is not used.

Z.T.
  • For me they are not the same, only the first 19 characters are identical (of the string starting with "AAAAE2...."). – kotozna Jun 19 '15 at 17:37
  • Can you decode the base64 and parse them according to this guide to see the difference? https://security.stackexchange.com/questions/42268/how-do-i-get-the-rsa-bit-length-with-the-pubkey-and-openssl/42272#42272 – Z.T. Jun 19 '15 at 18:20
  • FYI: your key is elliptic curve, but you quoted a section of the man page about RSA. Is there a more applicable section to quote? – Mike Ounsworth Apr 15 '16 at 03:12
  • @MikeOunsworth actually that section of the manpage was and still is out of date. For SSH version 1, which is obsolete and broken and RSA only, .pub files and known_hosts and authorized_keys (all) used three decimal numbers. For v2 all use a string identifying the keytype/algorithm and a base64 blob, for RSA, DSA, several variants of ECDSA and ED25519 (although OpenSSH since 7.0 deprecates DSA). The authorized_keys format section of the manpage describes both v1 and v2 formats, but the known_hosts section doesn't. – dave_thompson_085 Jun 14 '16 at 04:20