Home > InfoSec, Networking > Useful commands for dealing with the SSH Known Hosts File

Useful commands for dealing with the SSH Known Hosts File

Some useful things that you can use with ssh-keygen :
Listing all the entries in the known_hosts file:

ssh-keygen -l -f /home/myUserName/.ssh/known_hosts

Listing the a specific entry
(with IP address only)

ssh-keygen -l -f /home/myUserName/.ssh/known_hosts -F 192.168.1.1

(with IP address and port)

ssh-keygen -l -f /home/myUserName/.ssh/known_hosts -F [192.168.1.1]:8888

Listing the hash of a specific entry:

ssh-keygen -H -F 192.168.1.1 -f "/home/myUserName/.ssh/known_hosts" 

Getting the fingerprint off a public-key file (e.g: id_dsa.pub, id_rsa.pub)

ssh-keygen -lf ~/.ssh/id_rsa.pub
ssh-keygen -lf /home/myUserName/.ssh/id_rsa.pub

Removing an entry from the known_hosts file (using the IP address only):

ssh-keygen -f "/home/myUserName/.ssh/known_hosts" -R ip-address

e.g:

ssh-keygen -f "/home/User1/.ssh/known_hosts" -R 192.168.1.1

Removing an entry from the known_hosts file (using the IP address and port) (Commonly seen with services that use non-standard ports):

ssh-keygen -f "/home/myUserName/.ssh/known_hosts" -R [ip-address]:port

e.g:

ssh-keygen -f "/home/User1/.ssh/known_hosts" -R [192.168.1.1]:8888

Also useful:
Sometimes you may have changed the owner of the known_hosts file by mistake thus making removal of entries impossible. So, to change the owner back to the particular user:

chown userName:Group /path/to/file
Advertisements
Categories: InfoSec, Networking Tags: , , ,
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: