@bradland
Last active April 4, 2023 21:21
SSH known_hosts tools
# This is a short collection of tools that are useful for managing your
# known_hosts file. In this case, I'm using the '-f' flag to specify the
# global known_hosts file because I'll be adding many deploy users on this
# system. Simply omit the -f flag to operate on ~/.ssh/known_hosts
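# Add entry for host (-H stores the hostname hashed instead of in clear text).
# ssh-keyscan does not authenticate the key it fetches; compare its fingerprint
# with one the host's operator publishes before relying on the entry.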
ssh-keyscan -H github.com >> /etc/ssh/ssh_known_hosts
# Look up a host in known_hosts (-F also finds hashed entries)
ssh-keygen -f /etc/ssh/ssh_known_hosts -F github.com
# Scan known hosts and grep (return code is 0 if matched; 1 if not matched)
ssh-keygen -f /etc/ssh/ssh_known_hosts -F github.com | grep 'github.com'
# Count matches for host
ssh-keygen -f /etc/ssh/ssh_known_hosts -F github.com | wc -l
# Remove entry for host
ssh-keygen -f /etc/ssh/ssh_known_hosts -R github.com
rm /etc/ssh/ssh_known_hosts.old
# Wipe all known_hosts files
if [ -e ~/.ssh/known_hosts ]; then rm ~/.ssh/known_hosts; fi
if [ -e ~/.ssh/known_hosts.old ]; then rm ~/.ssh/known_hosts.old; fi
if [ -e /etc/ssh/ssh_known_hosts ]; then rm /etc/ssh/ssh_known_hosts; fi
if [ -e /etc/ssh/ssh_known_hosts.old ]; then rm /etc/ssh/ssh_known_hosts.old; fi
# Show last return code; useful for testing the grep example
echo $?
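
Why `ssh-keygen -F` can find a host that `-H` has hashed while a text search of the file itself cannot, as an added Python example (not part of the original gist): a hashed entry stores `|1|salt|HMAC-SHA1(salt, hostname)` in base64. The function names and the sample lines with placeholder keys are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

def hash_host(host, salt=None):
    """Build the '|1|salt|hash' token that ssh-keyscan -H writes for a host."""
    salt = os.urandom(20) if salt is None else salt
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(digest).decode())

def entry_matches(hosts_field, host):
    """True if the first field of a known_hosts line names `host`."""
    if hosts_field.startswith("|1|"):
        parts = hosts_field.split("|")          # ['', '1', salt, hash]
        if len(parts) != 4:
            return False
        try:
            salt, want = base64.b64decode(parts[2]), base64.b64decode(parts[3])
        except ValueError:                      # malformed base64
            return False
        got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, want)
    # Plain entry: comma-separated names (wildcards and negation not handled).
    return host in hosts_field.split(",")

def find_host(lines, host):
    """Return (line_number, line) pairs whose host field matches `host`."""
    hits = []
    for n, line in enumerate(lines, 1):
        s = line.strip()
        if not s or s.startswith("#"):
            continue
        fields = s.split()
        if fields[0].startswith("@"):           # @cert-authority / @revoked
            fields = fields[1:]
        if fields and entry_matches(fields[0], host):
            hits.append((n, s))
    return hits

# Constructed sample lines; the key blobs are placeholders, not real host keys.
SAMPLE = [
    "# constructed sample",
    hash_host("github.com") + " ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEY",
    "example.test,192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEY",
]

if __name__ == "__main__":
    print(find_host(SAMPLE, "github.com"))            # hashed entry is found
    print(any("github.com" in l for l in SAMPLE[1:])) # plain text search is not
```
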
@brettnak

Not sure if this makes a difference for your use case but your first line, in addition to adding an entry, will erase all other system entries. For newer readers, it might be a good idea to change it to an append redirect, >>, and avoid accidentally erasing other known entries.

@foxx

foxx commented Aug 30, 2015

Super useful, thanks for sharing!

@jeffryang24

On line 13, if you use the -H parameter, the grep will always return 1 because the value of github.com has been hashed. You must remove the -H to achieve a zero exit code.
