Finding an SSH Known Host That is Masked

If the HashKnownHosts option is set to yes for your ssh client, the host names in your known_hosts file are stored as hashes, so a bad actor who reads the file cannot easily get a list of the hosts you connect to. That is a good idea. However, it also hides the names from you, so if you need to remove a specific host’s entry, it is not obvious which line to remove. Finding the entry is simple enough with the ssh-keygen command:

ssh-keygen -H -F hostname.example.com

This will output a line that (should) match one of the lines in your known_hosts file. If it does not, then try a different form of the hostname, with or without the fully qualified domain name. If you do not know the name of the host, then you will not, by design, be able to find which host belongs to which hash.
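To show why the exact form of the name matters, here is an added example (not from the original post) of the lookup that ssh-keygen -F performs on a hashed file: each host field has the form |1|salt|hash, where the hash is HMAC-SHA1 of the name keyed with the salt, so only the exact string that was stored will match. The function names, salts and key placeholders are constructed for illustration.

```python
import base64
import hashlib
import hmac

def hash_host(host: str, salt: bytes) -> str:
    """Hashed host field: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())

def entry_matches(host_field: str, candidate: str) -> bool:
    """True if a hashed host field was produced from exactly this candidate name."""
    parts = host_field.split("|")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "1":
        return False  # plain-text entry or unknown format
    try:
        salt = base64.b64decode(parts[2], validate=True)
        want = base64.b64decode(parts[3], validate=True)
    except ValueError:
        return False  # damaged base64
    got = hmac.new(salt, candidate.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)

def find_entries(known_hosts_text: str, candidates: list) -> list:
    """Return (line_number, candidate) for every line that a candidate name matches."""
    hits = []
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0].startswith("@"):
            fields = fields[1:]  # @cert-authority / @revoked marker precedes the host field
            if not fields:
                continue
        hits += [(lineno, c) for c in candidates if entry_matches(fields[0], c)]
    return hits

# Constructed sample file: fixed salts and placeholder keys, not real host keys.
SAMPLE = "\n".join([
    hash_host("hostname.example.com", bytes(range(20))) + " ssh-ed25519 CONSTRUCTED_KEY_A",
    hash_host("db01", bytes(range(20, 40))) + " ssh-ed25519 CONSTRUCTED_KEY_B",
    hash_host("[git.example.com]:2222", bytes(range(40, 60))) + " ssh-rsa CONSTRUCTED_KEY_C",
])

if __name__ == "__main__":
    # The short name was stored, so only "db01" matches, not its FQDN.
    print(find_entries(SAMPLE, ["db01.example.com", "db01"]))
```

A host reached on a non-default port is stored as [host]:port, so that bracketed form is the name to search for. Once the matching name is known, ssh-keygen -R with that same name removes the entry.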
