Using Terminal, RSA fingerprints

Question

Using Terminal, RSA fingerprints

Not sure if this is the right forum, but let's try:

When I establish an SSH connection for the first time via terminal, I get a response like this:

---
The authenticity of host 'starenterprise.com (194.77.100.91)' can't be established.
RSA key fingerprint is xx:xx:xx:xx:xx:xx.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'starenterprise.com' (RSA) to the list of known hosts.
---

Where does OS X store the list of known hosts ? I want to remove some servers I no longer use but maybe have still them listed there.

Mac OS X (10.4.8)

Posted on Jan 25, 2007 2:17 PM

Reply

Answer 1

Jan 25, 2007 2:32 PM in response to tobias Eichner

Not sure on the Mac, typically on UNIX machines these are kept in ~/.ssh/known_hosts

Reply

Answer 2

Jan 25, 2007 2:52 PM in response to Glen Doggett

Sorry, I can't find that file.

Reply

Answer 3

Jan 25, 2007 2:56 PM in response to tobias Eichner

My mistake "ls -a" found the directory .ssh finally in my user's home directory 😉

Now the question: Can I simply remove entries no longer needed there, it seems to be a simle text file ?

Reply

Answer 4

Jan 25, 2007 7:14 PM in response to tobias Eichner

You should be able to edit the file to remove unwanted entries, if you no longer need to log in to a particular machine. I think you could use text edit, from Terminal:

open -a TextEdit ~/.ssh/known_hosts

If you try to log into a new machine, you will get asked the first time if you want to add the machine to your list of known hosts again.

By the way, if you can physically log into a particular host machine you can examine its public ssh-rsa key in
/etc/ssh host_rsakey.pub or something like that.
When you ssh into that host machine for the first time, you can verify that you have reached that machine with the matching public ssh-rsa key when prompted to add to the list of known hosts, just to rule out that you haven't connected to some other machine masquerading.

Reply

Answer 5

Jan 26, 2007 4:04 AM in response to Glen Doggett

Thanks for the tip 🙂

Reply

Answer 6

Jan 26, 2007 4:30 AM in response to Glen Doggett

when prompted to add to the list of known hosts, just to rule out that you
haven't connected to some other machine masquerading.

Just for interest... do you know if there are known cases of man-in-the-middle attacks using SSH ?

Theoretically it would be surely possible for an abusive server to claim being an other one. Then it even could use the provided username/password to connect to the intended server and stay between the user and the target system, so if user isn't aware that the terminal session was hacked.

Anyway, we have blocked all SSH accesses to our servers from "outside" and limited them to our own IP addresses only 🙂

Reply