Is there some CLI tool I can use to validate the contents of known_hosts? Maybe try to ping all the hosts in there and see if I can connect to each? Probably using either ssh-keygen or ssh-keyscan?
The known_hosts file is a client-side file listing the hosts the SSH client has previously connected to, together with each host's public key. The client uses it to authenticate the server it is connecting to: on a later connection the key the server presents is compared with the stored one, and a mismatch is reported instead of being silently accepted.
The ssh_config(5) option CheckHostIP controls a related check: if set to yes, ssh will additionally check the server's IP address in the list of known hosts. This allows it to detect if a public host key changed due to DNS spoofing, and it will add addresses of destination hosts to ~/.ssh/known_hosts in the process.
~/.ssh/known_hosts contains the full host public keys of machines you've logged into; the fingerprints ssh shows you are derived from those keys (ssh-keygen -l -f ~/.ssh/known_hosts prints the fingerprint of every entry). When you secure-shell into a remote machine for the first time, you are asked whether you want to continue connecting, and answering yes records the server's key in the file.
On a Mac or Linux machine the per-user file is ~/.ssh/known_hosts; a system-wide one, if present, is /etc/ssh/ssh_known_hosts.
If you have a list of all hosts available you can do it like this:
ssh-keyscan -t rsa,dsa -f hosts_list > ~/.ssh/known_hosts_revised
This will generate a new known_hosts_revised which you can diff with your current known_hosts to see the differences.
If you don't need to compare it you can simply do ... > ~/.ssh/known_hosts to overwrite it (WARNING: the original known_hosts will be lost!)
The source of information is the OpenBSD man page for ssh-keyscan(1).
Edit:
The hosts_list is expected in the form:
1.2.3.4,1.2.4.4 name.my.domain,name,n.my.domain,n,1.2.3.4,1.2.4.4
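The procedure in the answer above (scan the hosts, then compare the result with the current known_hosts), as an added example that is not part of the original answer and is not OpenSSH's own code: a POSIX shell script that normalizes both files to one (host, key type, key) triple per alias and reports, per host and key type, whether the key is unchanged, changed, missing from the scan or new. A raw diff of the two files does not give that cleanly, because entry order, comments and comma-separated aliases differ. The sample known_hosts content and the sample ssh-keyscan output below are constructed, with placeholder key material; the check_known_hosts wrapper is the network-using variant for real use and assumes ssh-keyscan is installed. The normalize function also doubles as a reader for the file layout described earlier on the page (aliases, comments, hashed entries, @-markers).

```shell
#!/bin/sh
# Added example, not from the original answer: compare a known_hosts file
# with fresh ssh-keyscan output entry by entry instead of diffing raw files.

# Constructed sample of ~/.ssh/known_hosts. Key blobs are placeholders.
KNOWN_HOSTS_SAMPLE='# comment lines and blank lines are ignored by ssh

host1.example.com,192.0.2.10 ssh-ed25519 AAAAC3Key1
host1.example.com,192.0.2.10 ssh-rsa AAAAB3Key1rsa
host2.example.com ssh-ed25519 AAAAC3Key2
host3.example.com ecdsa-sha2-nistp256 AAAAE2Key3
|1|hashedsalt=|hashedhost= ssh-ed25519 AAAAC3KeyHashed'

# Constructed sample of "ssh-keyscan -f hosts_list" output for those hosts:
# host1 unchanged, host2 re-keyed, host3 silent (down/unreachable), host4 new.
SCAN_SAMPLE='host1.example.com ssh-ed25519 AAAAC3Key1
192.0.2.10 ssh-ed25519 AAAAC3Key1
host1.example.com ssh-rsa AAAAB3Key1rsa
192.0.2.10 ssh-rsa AAAAB3Key1rsa
host2.example.com ssh-ed25519 AAAAC3DIFFERENT
host4.example.com ssh-ed25519 AAAAC3Key4'

# Normalize a known_hosts-style stream (stdin) to "host keytype key", one line
# per alias: a known_hosts line may carry several comma-separated names/IPs.
# Comments, @cert-authority/@revoked markers and hashed (|1|...) entries are
# dropped; a hashed name cannot be matched by name (use ssh-keygen -F instead).
normalize() {
  awk '
    /^[[:space:]]*#/ { next }
    $1 ~ /^@/        { next }
    $1 ~ /^\|1\|/    { next }
    NF >= 3 {
      n = split($1, alias, ",")
      for (i = 1; i <= n; i++) print alias[i], $2, $3
    }' | sort -u
}

# compare_hosts KNOWN_TEXT SCAN_TEXT: one status line per (host, keytype):
#   OK       same key in both
#   CHANGED  same host and key type, different key (investigate before trusting)
#   MISSING  in known_hosts but not returned by the scan (host down or key type gone)
#   NEW      returned by the scan but not in known_hosts
compare_hosts() {
  known=$(printf '%s\n' "$1" | normalize)
  scanned=$(printf '%s\n' "$2" | normalize)
  {
    printf '%s\n' "$known"   | awk 'NF == 3 { print $0, "K" }'
    printf '%s\n' "$scanned" | awk 'NF == 3 { print $0, "S" }'
  } | awk '
    { id = $1 " " $2; if ($4 == "K") k[id] = $3; else s[id] = $3 }
    END {
      for (id in k) {
        if (!(id in s))          st[id] = "MISSING"
        else if (k[id] == s[id]) st[id] = "OK"
        else                     st[id] = "CHANGED"
      }
      for (id in s) if (!(id in k)) st[id] = "NEW"
      for (id in st) print st[id], id
    }' | sort
}

# Real use (needs network and ssh-keyscan): scan every non-hashed name and IP
# listed in the file and compare. -t selects the key types to request;
# ssh-keyscan -f - reads the host list from standard input.
check_known_hosts() {
  file="${1:-$HOME/.ssh/known_hosts}"
  scan=$(normalize < "$file" | awk '{ print $1 }' | sort -u \
         | ssh-keyscan -t ed25519,ecdsa,rsa -f - 2>/dev/null)
  compare_hosts "$(cat "$file")" "$scan"
}

# Offline demo on the constructed samples:
compare_hosts "$KNOWN_HOSTS_SAMPLE" "$SCAN_SAMPLE"
```

A CHANGED result is exactly the case the file exists to catch: do not overwrite known_hosts with the scan output until you have confirmed out of band that the host was legitimately re-keyed, because ssh-keyscan authenticates nothing it receives, and a MISSING host is only "down" until you have checked that it is not also answering with a different name. Hashed entries are skipped above since the name cannot be recovered; ssh-keygen -F host -f ~/.ssh/known_hosts looks one up, and ssh-keygen -R host removes a stale one.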