Why do I have two known_hosts entries for github?
If I run git clone [email protected]:some-org/some-repo.git
, I'm prompted with the following:
The authenticity of host 'github.com (192.30.253.113)' can't be established.
RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8.
Obviously, I verify the fingerprint against the list at https://help.github.com/articles/github-s-ssh-key-fingerprints/, and respond yes
:
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,192.30.253.113' (RSA) to the list of known hosts.
...etc.
That results in two entries being added to my ~/.ssh/known_hosts
file, both with the same key, both hashed.
If I confirm the key with ssh-keyscan github.com
, the key matches.
But why do I have two entries in known_hosts
, rather than one?
Solution 1:
Normally, the known_hosts
file contains a list of the hostnames/IP addresses on every line. But this is not used when the hostnames are hashed (for simplification of the matching?) as described in the manual page for sshd
:
Alternately, hostnames may be stored in a hashed form which hides host names and addresses should the file's contents be disclosed. Hashed hostnames start with a ‘|’ character. Only one hashed hostname may appear on a single line and none of the above negation or wildcard operators may be applied.
So to answer your question,
But why do I have two entries in known_hosts, rather than one?
One of them is github.com
and the other 192.30.253.113
exactly as you confirmed in the prompt
Warning: Permanently added 'github.com,192.30.253.113' (RSA) to the list of known hosts.
If you turn the known hosts hashing off (there is no good reason to do that), you will get only one line such as I have:
github.com,192.30.252.128 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==