Ssh knownhosts not updating
You'll know hashed entries when you see them, they look like hashes with random characters instead of or 1.89.
[email protected]:~$ ssh-keyscan -t rsa -H # SSH-2.0-conker_1.0.257-ce87fba app-128 |1|yr6p7i8doy Lh Dtrrn WDk7m9QVXk=|Lu KNg9gype Dhf Ro/Av LTAlxny Qw= ssh-rsa AAAAB3Nza C1yc2EAAAABIw AAAQEAubi N81e Dcafrg Me Lza FPsw2k Nv Ecq TKl/Vq Lat/Ma B33p Zy0y3r JZtnqw R2q OOvbw KZYKi EO1O6Vq NEBx Kv JJel Cq0d TXWT5pb O2g DXC6h6QDXCa Ho6p OHGPUy YBa GQRGu Sus MEASYi Wun YN0v CAI8Qa Xn WMXNMd FP3j HAJH0e Dsoi Gn LPBl Bp4TNm6r YI74n Mzgz3B9Iik W4WVK dc8KZJZWYj Au ORU3jc1c/NPsk D2ASinf8v3xnf Xeuk U0s J5N6m5E8VLj Ob PEO m N2t/FZTMZLi Fq PWc/ALSqn Mnnhwr Ni2rbfg/rd/Ip L8Le3p SBne8 see FVBo Gqz HM9y Xw== " convention.
Just remember more comparisons from different computers & networks will usually increase your ability to trust the connection. jersey.IN SSHFP 1 1 4d8589de6b1a48e148d8fc9fbb967f1b29f53ebc jersey.IN SSHFP 1 2 6503272a11ba6d7fec2518c02dfed88f3d455ac7786ee5dbd72df63307209d55 jersey.IN SSHFP 3 1 5a7a1e8ab8f25b86b63c377b303659289b895736 debug1: Server host key: ecdsa-sha2-nistp256 SHA256: H1D3k BF9/t0ynbz2Iqf Ud VHh L/WROQLGan2ijkfe T0s debug1: found 4 insecure fingerprints in DNS debug1: matching host key fingerprint found in DNS The authenticity of host 'jersey.(264::10)' can't be established.
ECDSA key fingerprint is SHA256: H1D3k BF9/t0ynbz2Iqf Ud VHh L/WROQLGan2ijkfe T0s. Are you sure you want to continue connecting (yes/no)?
Now to use that string in a way that prevents asking about a hosts authenticity...
nmap is highly helpful for certain things, like detecting open ports and this-- manually verifying SSH fingerprints. That 'fingerprint' is just a string shortened with a one way algorithm for our human convenience at the risk of more than one string resolving into the same fingerprint. Regardless, back to the original string which we can see in context below.RSA key fingerprint is 97:8c:1b:f2:6f:14:6b:5c:3b:ec:aa::7c:40. Are you sure you want to continue connecting (yes/no)[email protected]:~$ nmap --script ssh-hostkey Starting Nmap 7.01 ( https://) at 2016-10-05 EDT Nmap scan report for (22.214.171.124) Host is up (0.032s latency).That said, this may not be worthwhile, depending on what sort of environment you're working in and who your anticipated adversaries are.Doing a simple "store on first connect" (via a scan or simply during the first "real" connection) as described in several other answers above may be considerably easier and still provide some modicum of security.