Is it possible to find out the hosts in the known_hosts file?
I would like to see what hosts are in my known_hosts file but it doesn't appear to be human readable. Is it possible to read it?
More specifically, there is a host that I can connect to via several names, and I want to find out the fingerprint I expect for it from my known hosts file.
Update: I'm using OpenSSH_5.3p1 Debian-3ubuntu7, OpenSSL 0.9.8k 25 Mar 2009
A line from my known_hosts file looks something like this,
|1|guO7PbLLb5FWIpxNZHF03ESTTKg=|r002DA8L2JUYRVykUh7jcVUHeYE= ssh-rsa AAAAB3NzaC1yc2EAAFADAQABAAABAQDWp73ulfigmbbzif051okmDMh5yZt/DlZnsx3DEOYHu3Nu/+THJnUAfkfEc1XkOFiFgbUyK/08Ty0K6ExUaffb1ERfXXyyp63rpCTHOPonSrnK7adl7YoPDd4BcIUZd1Dk7HtuShMmuk4l83X623cr9exbfm+DRaeyFNMFSEkMzztBYIkhpA2DWlDkd90OfVAvyoOrJPxztmIZR82qu/5t2z58sJ6Jm2xdp2ckySgXulq6S4k+hnnGuz2p1klviYCWGJMZfyAB+V+MTjGGD/cj0SkL5v/sa/Fie1zcv1SLs466x3H0kMllz6gAk0/FMi7eULspwnIp65g45qUAL3Oj
If it is not hashed you can use: http://unix.stackexchange.com/questions/236192/extract-hostnames-from-non-hashed-ssh-known-hosts/
`HashKnownHosts` set to "`yes`" in your `ssh_config` file, so the hostnames aren't available in plaintext.
If you know the hostname you're looking for ahead of time, you can search for it with:
```
ssh-keygen -H -F hostname

# Or, if SSH runs on port other than 22
ssh-keygen -H -F '[hostname]:2222'
```
Here's the relevant section from the
```
-F hostname
        Search for the specified hostname in a known_hosts file, listing
        any occurrences found. This option is useful to find hashed host
        names or addresses and may also be used in conjunction with the
        -H option to print found keys in a hashed format.
```
Does hash known hosts essentially mean it's not possible? i.e. I need to know the name of the host in order to look at its info?
@ColinNewell That's right, you need to know the hostname(s). It's a security measure to keep an attacker from harvesting hostnames/IP addresses of other boxes you frequent if your machine is compromised.
Don't be scared when there is no output at all; try the hostname instead of the fully qualified hostname.
@pdo - your command does not always work. If the host has SSH on port other than `22`, then the format in `known_hosts` is different. Then you have to use the following command: `ssh-keygen -H -F [host.example.com]:2222`
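What the hashed entries hold and why a lookup needs the exact name, as an added example (not code from the answers above or from OpenSSH): each `|1|salt|hash` field is the base64 salt followed by the base64 HMAC-SHA1 of the host string keyed with that salt, so every name or `[host]:port` form you connect by has to be tested separately. The entries and key blob are constructed sample data, and the function names are this example's own.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Build the token ssh writes: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(token, host):
    """True if the hashed token from known_hosts was derived from this exact string."""
    parts = token.split("|")
    if len(parts) != 4 or parts[1] != "1":
        return False
    salt, want = base64.b64decode(parts[2]), base64.b64decode(parts[3])
    got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)

def fingerprints(key_b64):
    """MD5 (colon-hex) and SHA256 (base64) fingerprints of the decoded key blob."""
    blob = base64.b64decode(key_b64)
    hexd = hashlib.md5(blob).hexdigest()
    md5 = ":".join(hexd[i:i + 2] for i in range(0, 32, 2))
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return md5, "SHA256:" + sha

def lookup(known_hosts_text, host, port=22):
    """Return (keytype, md5_fp, sha256_fp) for each hashed entry matching host."""
    name = host if port == 22 else "[%s]:%d" % (host, port)  # non-default port form
    hits = []
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or not fields[0].startswith("|1|"):
            continue  # blank, comment, marker or non-hashed line
        if host_matches(fields[0], name):
            hits.append((fields[1],) + fingerprints(fields[2]))
    return hits

# Constructed sample data: salts, host names and the key blob are made up.
SAMPLE_KEY = base64.b64encode(b"\x00\x00\x00\x07ssh-rsa" + b"constructed-key").decode()
SAMPLE = "\n".join([
    hash_host("server1", b"A" * 20) + " ssh-rsa " + SAMPLE_KEY,
    hash_host("[server1.example.com]:2222", b"B" * 20) + " ssh-rsa " + SAMPLE_KEY,
])

if __name__ == "__main__":
    for host, port in [("server1", 22), ("server1.example.com", 22), ("server1.example.com", 2222)]:
        print(host, port, lookup(SAMPLE, host, port))
```

The colon-separated MD5 form is what OpenSSH 5.3 prints; OpenSSH 6.8 and later print the SHA256 form by default.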
I wanted to find the rsa key for a specific host, so I ran this: `ssh-keygen -l -f ~/.ssh/known_hosts -F `
I'm considering using this in a script, so I was testing return values. When it successfully finds a match, it returns one, and when it fails it returns 1. Any idea what it's supposed to be returning? The manpage doesn't state anything under the -F or -H flags, nor is there a section about what it returns.