Differing SSH known_hosts formats
These are not different formats of known_hosts
, but different key types (ssh-rsa
and ecdsa-sha2-nistp256
- well described on the manual page for sshd
). The server usually has more host keys of different types to provide wider compatibility with different clients.
If you are on the server, you can find all the host keys and print their public keys using (but the line is not in the same format):
$ cat /etc/ssh/ssh_host_*.pub
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEJJEs165NgdEcD94Xg3ySFA/qgkfytxNCX1X3pB2SPgU/mHLGXCXM8+VqMBXocM8OMOq2L0fDGr5mI+nGqjhNU= user@host
The format that is accepted by known_hosts
file can be obtained using (from the server to achieve the authenticity of the keys):
$ ssh-keyscan 11.22.33.44
11.22.33.44 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEJJEs165NgdEcD94Xg3ySFA/qgkfytxNCX1X3pB2SPgU/mHLGXCXM8+VqMBXocM8OMOq2L0fDGr5mI+nGqjhNU=
#[...]
This prints the format you can directly store in the client' known_hosts
file.
For the whole picture (from the manual page):
Each line in these files contains the following fields: markers (optional), hostnames, keytype, base64-encoded key, comment. The fields are separated by spaces.