 

What is actually in known_hosts? [closed]

Tags:

ssh

I did not have an .ssh directory until I ran

ssh [email protected]

This created a .ssh directory with one file known_hosts.

It had some text like this in it.

foo.com,107.180.00.00 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuJfqSnraBz//Ux4j/hZpLv2eYUxNUgCk+9ClqoSgfcu4vXbWtUGSjo75UVQf+uguOeBnRLppJJ3mt0R5c/PPcawUGWfffk33t+biYcqra9xUcyfiGtO/Icko2L1J0EYTXM/8x8VK6UYFMfad2gltnZRa8Am50oHTXot1Df0RljUBxvh/UhmTJUrODpyrl2xY1OMWjM+S6uYCMNeSQGEpNfsWiCIStRnctMZSxiYJOLTSC4F2GF7B8pYFBn5rSwVHp17WCdO+4BZfwvH3HSSH8IWoyFhki+NlG912SEBJXcryvc0JPfAB9DTB4mRImjgrRT8vz5QeaCDrh8k4/A+U1fff 

I thought this might have been a public or private key pulled off my server somehow, but it was not.

What is this, and what is it used for?

I'm just trying to learn more about ssh and how it works. For example, in this case I did not set up the private key on the local machine, so it prompted for a password as expected.

Research

It's supposed to be a public key for the server according to

https://security.stackexchange.com/questions/20706/what-is-the-difference-between-authorized-key-and-known-host-file-for-ssh

asked Oct 20 '15 17:10

cade galt


People also ask

What is inside known_hosts file?

A file associated with a specific account that contains one or more host keys. Each host key is associated with an SSH server address (IP or hostname) so that the server can be authenticated when a connection is initiated.

What should be in ssh known_hosts?

ssh/known_hosts file contains the SSH fingerprints of machines you've logged into. These fingerprints are generated from the remote server's SSH key. When you secure shell into a remote machine for the first time, you are asked if you want to continue connecting (Figure A).

Can I delete known_hosts?

Windows with PuTTY: Search for regedit.exe and open it. Navigate to HKEY_CURRENT_USER/SOFTWARE/SimonTatham/PuTTy/SshHostKeys. Right click the offending key and click delete.

What is the difference between known_hosts and Authorized_keys?

authorized_keys is a file that allows you to add ssh public keys of users that should be allowed to log into your server (the server in which the authorized_keys file lives) using key based auth. known_hosts is a file that contains a list of keys from... known hosts that you have logged into.


2 Answers

This file is, effectively, your personal Certificate Authority. It is the list of all SSH server host public keys that you have determined are accurate. Each entry in known_hosts is one big line with three or more whitespace separated fields as follows:

a. One or more server names or IP Addresses, joined together by commas.

foo.com,107.180.00.00

b. The type of key.

ssh-rsa

c. The public key data itself encoded to stay within the ASCII range.

AAAAB3NzaC1yc2EAAAABIwAAAQEAuJfqSnraBz//Ux4j/hZpLv2eYUxNUgCk+9ClqoSgfcu4vXbWtUGSjo75UVQf+uguOeBnRLppJJ3mt0R5c/PPcawUGWfffk33t+biYcqra9xUcyfiGtO/Icko2L1J0EYTXM/8x8VK6UYFMfad2gltnZRa8Am50oHTXot1Df0RljUBxvh/UhmTJUrODpyrl2xY1OMWjM+S6uYCMNeSQGEpNfsWiCIStRnctMZSxiYJOLTSC4F2GF7B8pYFBn5rSwVHp17WCdO+4BZfwvH3HSSH8IWoyFhki+NlG912SEBJXcryvc0JPfAB9DTB4mRImjgrRT8vz5QeaCDrh8k4/A+U1fff

d. Any optional comment data.

Also!! This thread might be of use for you:

https://security.stackexchange.com/a/20710

answered Oct 02 '22 02:10

Castiel
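
The field layout described in this answer, as an added example that is not part of the original answer: a parser that splits one known_hosts line into fields a to d, decodes the base64 blob of field c, and computes the SHA256 fingerprint that OpenSSH displays. The entry from `sample_line()` (host `host.example`, filler modulus) is constructed, and all function names are illustrative.

```python
import base64, hashlib, hmac, struct

def read_string(buf, off):
    """Read one RFC 4251 string: uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_entry(line):
    """Split a known_hosts line into marker, hosts, key type, key blob and comment."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None                                   # blank line or comment
    marker = fields.pop(0) if fields[0].startswith("@") else None
    blob = base64.b64decode(fields[2], validate=True)
    inner_type, off = read_string(blob, 0)
    if inner_type.decode() != fields[1]:              # field b must match the type inside field c
        raise ValueError("key type does not match key blob")
    entry = {"marker": marker, "hosts": fields[0].split(","), "type": fields[1],
             "blob": blob, "comment": " ".join(fields[3:])}
    if fields[1] == "ssh-rsa":                        # blob layout: "ssh-rsa", mpint e, mpint n
        e, off = read_string(blob, off)
        n, off = read_string(blob, off)
        entry["e"] = int.from_bytes(e, "big")
        entry["bits"] = int.from_bytes(n, "big").bit_length()
    return entry

def fingerprint(blob):
    """Fingerprint as OpenSSH prints it: unpadded base64 of SHA-256 over the key blob."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def host_matches(pattern, host):
    """Exact match, or a hashed "|1|salt|hash" field (HMAC-SHA1 of the name); no wildcards."""
    if pattern.startswith("|1|"):
        salt, digest = (base64.b64decode(p) for p in pattern[3:].split("|"))
        return hmac.compare_digest(hmac.new(salt, host.encode(), hashlib.sha1).digest(), digest)
    return pattern == host

def sample_line(hosts="host.example,192.0.2.10"):
    """Constructed entry: the modulus is filler bytes, not a usable RSA key."""
    def s(b): return struct.pack(">I", len(b)) + b
    blob = s(b"ssh-rsa") + s(b"\x01\x00\x01") + s(b"\x00" + b"\xc3" * 256)
    return f"{hosts} ssh-rsa {base64.b64encode(blob).decode()} constructed-sample"
```

The fingerprint returned by `fingerprint()` is the value to compare against one obtained from the server's administrator before accepting a key on first connect.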


To add to the answer above and your comment, there are four building blocks for an SSH session:

  1. Encryption (symmetric keys derived after key exchange per session)
  2. Data integrity (MAC using e.g. SHA, HMAC)
  3. Key exchange methods
  4. Public key methods or host key methods

The SSH algorithm negotiation involves a key exchange state machine which begins when the SSH_MSG_KEXINIT message along with the algorithms list is sent.

The key exchange method, or simply kex, specifies session keys for encryption and host authentication host public keys (ssh-rsa, ssh-dss ..) that are sent to the client. The steps below are the basic steps that take place for kex using the Diffie-Hellman key exchange algorithm.

Quoting the RFC https://www.rfc-editor.org/rfc/rfc4253:

The following steps are used to exchange a key. In this, C is the client; S is the server; p is a large safe prime; g is a generator for a subgroup of GF(p); q is the order of the subgroup; V_S is S's identification string; V_C is C's identification string; K_S is S's public host key; I_C is C's SSH_MSG_KEXINIT message and I_S is S's SSH_MSG_KEXINIT message that have been exchanged before this part begins.

  1. C generates a random number x (1 < x < q) and computes e = g^x mod p. C sends e to S.
  2. S generates a random number y (0 < y < q) and computes f = g^y mod p. S receives e. It computes K = e^y mod p, H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K) (these elements are encoded according to their types; see below), and signature s on H with its private host key. S sends (K_S || f || s) to C. The signing operation may involve a second hashing operation.
  3. C verifies that K_S really is the host key for S (e.g., using certificates or a local database). C is also allowed to accept the key without verification; however, doing so will render the protocol insecure against active attacks (but may be desirable for practical reasons in the short term in many environments). C then computes K = f^x mod p, H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K), and verifies the signature s on H.

The local database mentioned in step three could, in certain systems, be the .ssh/known_hosts file. So to answer your question, the public key is sent to the client by the host during the key exchange.

The following public key and/or certificate formats are currently defined:

ssh-dss           REQUIRED     sign   Raw DSS Key
ssh-rsa           RECOMMENDED  sign   Raw RSA Key
pgp-sign-rsa      OPTIONAL     sign   OpenPGP certificates (RSA key)
pgp-sign-dss      OPTIONAL     sign   OpenPGP certificates (DSS key)

answered Oct 02 '22 01:10

cmidi
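
An added example, not taken from the answer or the RFC, that runs the three quoted steps with both sides in one process to show why the database check in step 3 matters: a server presenting a different host key still produces a valid signature on H, and only the comparison with the stored K_S catches it. The DH group, both host keys, the name `foo.example` and all function names are constructed for illustration, and the signature is unpadded textbook RSA rather than the real ssh-rsa scheme.

```python
import hashlib, secrets, struct

P, G = 2**1279 - 1, 3          # constructed toy DH group (Mersenne prime), not a real SSH group

def s(b):                      # RFC 4251 string: uint32 length, then the bytes
    return struct.pack(">I", len(b)) + b

def mp(n):                     # RFC 4251 mpint for n > 0 (extra zero byte keeps it positive)
    return s(n.to_bytes(n.bit_length() // 8 + 1, "big"))

def make_host_key(p, q, e=65537):
    """Textbook RSA from two primes: returns (K_S blob, private exponent d, modulus n)."""
    return s(b"ssh-rsa") + mp(e) + mp(p * q), pow(e, -1, (p - 1) * (q - 1)), p * q

def parse_rsa(blob):
    """Read e and n back out of an ssh-rsa K_S blob."""
    parts, off = [], 0
    while off < len(blob):
        (ln,) = struct.unpack_from(">I", blob, off)
        parts.append(int.from_bytes(blob[off + 4:off + 4 + ln], "big"))
        off += 4 + ln
    return parts[1], parts[2]

def exchange_hash(ctx, k_s, e, f, k):
    """H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K); SHA-256 assumed as the hash."""
    return hashlib.sha256(b"".join(map(s, (*ctx, k_s))) + mp(e) + mp(f) + mp(k)).digest()

def server_reply(host_key, ctx, e):
    """Step 2: S picks y, computes f, K and H, signs H, and sends (K_S, f, s)."""
    k_s, d, n = host_key
    y = secrets.randbelow(P - 3) + 2
    f = pow(G, y, P)
    h = exchange_hash(ctx, k_s, e, f, pow(e, y, P))
    return k_s, f, pow(int.from_bytes(h, "big"), d, n)   # unpadded RSA, illustration only

def client_kex(known_hosts, host, server_key):
    """Steps 1 and 3 as seen by C: returns (signature_valid, host_key_matches_database)."""
    ctx = (b"SSH-2.0-client", b"SSH-2.0-server", b"constructed I_C", b"constructed I_S")
    x = secrets.randbelow(P - 3) + 2
    e = pow(G, x, P)
    k_s, f, sig = server_reply(server_key, ctx, e)
    h = exchange_hash(ctx, k_s, e, f, pow(f, x, P))
    pub_e, pub_n = parse_rsa(k_s)
    return pow(sig, pub_e, pub_n) == int.from_bytes(h, "big"), known_hosts.get(host) == k_s

REAL = make_host_key(2**127 - 1, 2**521 - 1)       # constructed keys built from Mersenne primes
IMPOSTOR = make_host_key(2**107 - 1, 2**607 - 1)
KNOWN_HOSTS = {"foo.example": REAL[0]}             # stands in for .ssh/known_hosts
```

`client_kex(KNOWN_HOSTS, "foo.example", IMPOSTOR)` returns a valid signature but a failed database match, which is the situation OpenSSH reports as a changed host key.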