SSH holds fingerprints of your remote machines in the known_hosts file. Sometimes you might need to remove or update one of those entries. Jack Wallen shows you how. We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. This may influence how and where their products appear on our site, but vendors cannot pay to influence the content of our reviews. For more information, visit our Terms of Use page.
The SSH known_hosts file contains fingerprints (generated from the remote machines' SSH keys) of the known machines you've logged into. If you SSH into a machine for the first time, you will be asked if you want to save that host's fingerprint. Consider this file your personal SSH certificate authority. One reason this file is important is that it might prevent you from logging in to a different machine with the same IP address. Say, for example, someone has compromised one of the servers on your network. You've previously logged in to that machine with SSH, but the hackers have redirected the IP address to another machine. Should that happen, and you attempt to log into the machine with the same IP address, SSH will fail because of a mismatch on the SSH keys.

That's a bit of an extreme example, but it illustrates why known_hosts is crucial. It also illustrates a reason you might need to remove an entry from the file. Say you've migrated your database server to a different IP. Your known_hosts file still has the key from the previous IP, so when you try to log into the new IP address, SSH will complain. Instead of clearing out the entire known_hosts file, you could just remove that one line.
Let me show you how.

What you’ll need

To make this work, you'll need a machine running SSH with entries in the known_hosts file. That's it. Let's make this happen.

How to remove a single entry from known_hosts

Log in to the machine housing the known_hosts file. Take the IP address associated with the entry to be removed (written as <ip-address> below). To remove that line, we'll use the ssh-keygen command like so:
ssh-keygen -f ~/.ssh/known_hosts -R <ip-address>

The entry associated with that IP address will be removed, and a backup copy of known_hosts will be saved as known_hosts.old. You can test this by removing the entry and then logging back into that IP address. You should be asked if you want to save the ECDSA key fingerprint for the remote host. If that happens, congratulations! You've successfully removed that single entry from known_hosts.

How to update an entry

Let's say you'd rather not remove the entry but, instead, you'd just like to update one. You can do that with the ssh-keyscan command. Let's update the same server at that IP address (again written as <ip-address>) with the command:
ssh-keyscan -t ecdsa <ip-address> >> ~/.ssh/known_hosts
This time, when you go to log into that IP address, you won't be asked to save the fingerprint, because it's still there (it's just been updated).
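The two commands above do the file editing for you. To show what that editing amounts to, here is an added example (not TechRepublic's or OpenSSH's code) that parses and edits a known_hosts file directly. It goes a little beyond the article: it handles the full line format (`[@marker] host-patterns key-type base64-key [comment]`, where the host field may be a comma-separated list with `*` and `?` wildcards, a `[host]:port` form, or a `|1|salt|hash` token written when HashKnownHosts is on, which is HMAC-SHA1 of the hostname keyed by the salt), it removes entries the way `ssh-keygen -R` does, and it applies ssh-keyscan output as a replacement rather than a plain append. Every address, key blob and ssh-keyscan line below is constructed for the example; the function and variable names are my own.

```python
"""Parse and edit an OpenSSH known_hosts file, mirroring ssh-keygen -R / ssh-keyscan use.

Added example, not TechRepublic's or OpenSSH's code. All sample entries are constructed
and the base64 key blobs are placeholders, not real keys.
"""
import base64
import hashlib
import hmac
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Entry:
    marker: Optional[str]   # "@cert-authority", "@revoked" or None
    hosts: str              # comma-separated host patterns, or one "|1|salt|hash" token
    key_type: str           # e.g. ecdsa-sha2-nistp256, ssh-ed25519
    key_b64: str
    comment: str = ""

    def to_line(self) -> str:
        parts = [self.marker] if self.marker else []
        parts += [self.hosts, self.key_type, self.key_b64]
        return " ".join(parts + ([self.comment] if self.comment else []))


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for a key line; None for blank, comment or malformed lines."""
    tokens = line.split()
    if not tokens or tokens[0].startswith("#"):
        return None
    marker = tokens.pop(0) if tokens[0].startswith("@") else None
    if len(tokens) < 3:
        return None
    return Entry(marker, tokens[0], tokens[1], tokens[2], " ".join(tokens[3:]))


def hash_host(host: str, salt: bytes) -> str:
    """Build the |1|salt|hash token used when HashKnownHosts is on (HMAC-SHA1 keyed by the salt)."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(), base64.b64encode(digest).decode())


def _pattern_match(pattern: str, host: str) -> bool:
    """OpenSSH-style match: only '*' and '?' are wildcards; brackets, dots and colons are literal."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, host, re.IGNORECASE) is not None


def host_matches(host_field: str, host: str) -> bool:
    """True if `host` ('192.0.2.10', '[192.0.2.20]:2222', ...) is covered by an entry's host field."""
    if host_field.startswith("|1|"):
        _, _, salt_b64, stored_hash = host_field.split("|", 3)
        computed = hash_host(host, base64.b64decode(salt_b64)).split("|")[3]
        return hmac.compare_digest(computed, stored_hash)
    matched = False
    for pat in host_field.split(","):
        if pat.startswith("!"):
            if _pattern_match(pat[1:], host):
                return False          # a negated pattern excludes the host outright
        elif _pattern_match(pat, host):
            matched = True
    return matched


def find_host(text: str, host: str) -> List[Entry]:
    """All entries (including @revoked / @cert-authority ones) whose host field covers `host`."""
    entries = (parse_entry(line) for line in text.splitlines())
    return [e for e in entries if e is not None and host_matches(e.hosts, host)]


def remove_host(text: str, host: str) -> Tuple[str, int]:
    """Drop every key line covering `host`, as `ssh-keygen -R host` does; returns (text, lines removed)."""
    kept, removed = [], 0
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None and host_matches(entry.hosts, host):
            removed += 1
            continue
        kept.append(line)
    return "\n".join(kept) + "\n", removed


def update_host(text: str, host: str, key_type: str, key_b64: str, comment: str = "") -> str:
    """Replace the key of `key_type` held for `host` (append if there was none).

    `ssh-keyscan host >> known_hosts` only appends, which leaves the old key accepted next to
    the new one, so anyone still holding the old host key could keep impersonating the host.
    Replacing the line revokes that trust.
    """
    kept = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None and entry.key_type == key_type and host_matches(entry.hosts, host):
            continue
        kept.append(line)
    kept.append(Entry(None, host, key_type, key_b64, comment).to_line())
    return "\n".join(kept) + "\n"


def update_from_keyscan(text: str, keyscan_output: str) -> str:
    """Apply ssh-keyscan output (one 'host type key' line per key; '#' lines skipped) as replacements."""
    for entry in filter(None, map(parse_entry, keyscan_output.splitlines())):
        text = update_host(text, entry.hosts, entry.key_type, entry.key_b64, entry.comment)
    return text


# Constructed sample file (RFC 5737 documentation addresses; key blobs are placeholders).
_SALT = hashlib.sha1(b"constructed-salt").digest()   # 20 bytes, the size OpenSSH draws at random
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample; the key blobs below are placeholders, not real keys",
    "192.0.2.10 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIFAKE= db",
    "192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAKEFAKE= db",
    "[192.0.2.20]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUMPJUMP= jump",
    "@revoked 192.0.2.30 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQREVOKED=",
    hash_host("192.0.2.40", _SALT) + " ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHASHED= hashed",
    "*.corp.example ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIWILDCARD= wildcard",
]) + "\n"

if __name__ == "__main__":
    text, n = remove_host(SAMPLE_KNOWN_HOSTS, "192.0.2.10")
    print("removed %d line(s) for 192.0.2.10, as ssh-keygen -R would" % n)
    # Constructed output of `ssh-keyscan -t ecdsa 192.0.2.10`, applied as a replacement.
    scan = "# 192.0.2.10:22 SSH-2.0-OpenSSH_9.6\n192.0.2.10 ecdsa-sha2-nistp256 AAAANEWKEY=\n"
    for e in find_host(update_from_keyscan(SAMPLE_KNOWN_HOSTS, scan), "192.0.2.10"):
        print(e.to_line())
```

Two practical points fall out of this. First, a `>>` append keeps the old ECDSA line for the host in the file, and ssh accepts a host as known if any stored key of the offered type matches, so the old key stays trusted until you remove it (which is why `update_host` drops the old line before adding the new one, and why running `ssh-keygen -R` first is the cleaner order). Second, ssh-keyscan records whatever key the address presents at that moment; compare the fingerprint it reports (`ssh-keygen -lf` on the scan output) with one read on the server itself before committing it, or the redirected-IP scenario from the top of the article would simply be written into the file as trusted.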
And that's how you can easily remove or update an entry in the SSH known_hosts file. Don't just let that file become a garbage dump of entries, as that could wind up being a security issue.