Question

12

Why do I've two entries per server in known_hosts file?

rated 0 times [ 12] [ 0] / answers: 1 / hits: 6245 / 1 Year ago, sat, december 17, 2022, 1:44:55

On my mac I've 1 entry per server in the ~/.ssh/known_hosts file, in Ubuntu I noticed there are two created per server. Why is that?

Format is:

|1|wwwwwwwwwwwwwww=|wwwwwwwwww= ecdsa-sha2-nistp256 AAAAAAAAAA+AAAAA=

|1|vvvvvvvvvvvvvvv=|vvvvvvvvvv= ecdsa-sha2-nistp256 AAAAAAAAAA+AAAAA=

In both entries, first section before ecdsa-sha2-nistp256 is different. After ecdsa-sha2-nistp256 it is same (pub key I imagine).

I ssh into server A, and from there I ssh into server B. I'm not manually adding entries, I see ubuntu warning and allow it to add to known_hosts file.

I blanked known_hosts file for this test.

I've a reasonable doubt that extra entry is for ipv6 address, even though I've not used it to connect. Does ubuntu add it automatically if available?

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

antoccasiona

Add To Favorites

Follow

Total Points: 430

Total Questions: 127

Total Answers: 131

Location: Netherlands

Member since Sat, Jun 26, 2021

3 Years ago

antoccasiona questions

1 Chrome not working after upgrading to Ubuntu 22.04

Sat, Oct 23, 21, 22:34, 3 Years ago

1 org.bluez.Error.AuthenticationTimeout; org.bluez.Error.Failed br-connection-unknown

Tue, Mar 8, 22, 09:39, 2 Years ago

1 NTFS hard drive is read only

Sat, Sep 24, 22, 09:39, 2 Years ago

1 dbus calls to gnome shell don't work under Ubuntu 22.04

Sun, Jan 15, 23, 11:08, 1 Year ago

1 HP laptop: Ubuntu install and live disk failed: pcie trouble: fixed

Sat, Aug 27, 22, 18:13, 2 Years ago

View All

answered 1 Year ago tresein · Accepted Answer

You have two entries because one is by domain and the other by IP address, so your example:

|1|wwwwwwwwwwwwwww=|wwwwwwwwww= ecdsa-sha2-nistp256 AAAAAAAAAA+AAAAA=

|1|vvvvvvvvvvvvvvv=|vvvvvvvvvv= ecdsa-sha2-nistp256 AAAAAAAAAA+AAAAA=

might in effect read:

[example.com] ecdsa-sha2-nistp256 AAAAAAAAAA+AAAAA=

[192.168.6.8] ecdsa-sha2-nistp256 AAAAAAAAAA+AAAAA=

If you disable known host hashing (add HashKnownHosts no to your ~/.ssh/config file) then you can see what is happening, but on a non-hashed known_host file, both the domain and IP address can appear on the same line, so they'd look like this:

[example.com],[192.168.6.8] ecdsa-sha2-nistp256 AAAAAAAAAA+AAAAA=

There's a bit more of a discussion of the known_hosts file format here.