Connect to a server using OpenSSH_5.9p1 OpenSSL 1.0.1, and it stores a .ssh/known_hosts that's of the format:

|1|wwwwwwwwwwwwwww=|wwwwwwwwww= ecdsa-sha2-nistp256 AAAAAAAAAA+AAAAA=

Then copy that known_hosts file to another PC running OpenSSH_4.5p1 OpenSSL 0.9.8d, and it gives the "authenticity can't be established, are you sure you want to continue connecting" message, as if the known_hosts file wasn't right.

When that second PC stores the known_hosts for the same server, it writes it in the format:

[10.2.3.4]:22 ssh-rsa AAAAAAAAAA/BBBBB/CCCCCC//DDDDDD

Is there a way to convert between the two formats?

OJW
2 Answers

Your first example contains an ECDSA key (ecdsa-sha2-nistp256), a key type that was introduced in OpenSSH 5.7.

OpenSSH 4.5 only supports RSA and DSA keys (ssh-rsa and ssh-dss), and ignores your known_hosts entry.

grawity
The first key format you have is a hashed format, designed to prevent someone who's broken into your account from knowing which other hosts he/she might be able to connect to using your password and/or SSH keys.

It's possible to convert the plaintext format to the hashed format, but not vice versa. There are various scripts out there on the net for this purpose.

If you're not that worried about this issue, then you can always add

HashKnownHosts no

to ~/.ssh/config to disable the known_hosts hashing. Refer to ssh_config(5) for further details.

jjlin