Skip to content

Instantly share code, notes, and snippets.

@bradland
Last active April 4, 2023 21:21
Show Gist options
  • Save bradland/1315165 to your computer and use it in GitHub Desktop.
Save bradland/1315165 to your computer and use it in GitHub Desktop.
SSH known_hosts tools
# This is a short collection of tools that are useful for managing your
# known_hosts file. In this case, I'm using the '-f' flag to specify the
# global known_hosts file because I'll be adding many deploy users on this
# system. Simply omit the -f flag to operate on ~/.ssh/known_hosts
# Add entry for host
ssh-keyscan -H github.com >> /etc/ssh/ssh_known_hosts
# Scan known hosts
ssh-keygen -f /etc/ssh/ssh_known_hosts -F github.com
# Scan known hosts and grep (return code is 0 if matched; 1 if not matched)
ssh-keygen -f /etc/ssh/ssh_known_hosts -F github.com | grep 'github.com'
# Count matches for host
ssh-keygen -f /etc/ssh/ssh_known_hosts -F github.com | wc -l
# Remove entry for host
ssh-keygen -f /etc/ssh/ssh_known_hosts -R github.com
rm /etc/ssh/ssh_known_hosts.old
# Wipe all known_hosts files
if [ -e ~/.ssh/known_hosts ]; then rm ~/.ssh/known_hosts; fi
if [ -e ~/.ssh/known_hosts ]; then rm ~/.ssh/known_hosts; fi
if [ -e ~/.ssh/known_hosts.old ]; then rm ~/.ssh/known_hosts.old; fi
if [ -e /etc/ssh/ssh_known_hosts ]; then rm /etc/ssh/ssh_known_hosts; fi
if [ -e /etc/ssh/ssh_known_hosts.old ]; then rm /etc/ssh/ssh_known_hosts.old; fi
# Show last return code; useful for testing the grep example
echo $?
@brettnak
Copy link

Not sure if this makes a difference for your use case but your first line, in addition to adding an entry, will erase all other system entries. For newer readers, it might be a good idea to change it to an append redirect, >>, and avoid accidentally erasing other known entries.

@foxx
Copy link

foxx commented Aug 30, 2015

Super useful, thanks for sharing!

@jeffryang24
Copy link

On line 13, if you use -H parameter, the grep will always return 1 because the value of github.com has been hashed. You must remove the -H to achieve zero exit code.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment