SFTP known_hosts

The known_hosts file is an important component in the SSH (Secure Shell) protocol, used by SFTP (SSH File Transfer Protocol) to authenticate the identity of a remote host.

Purpose

The known_hosts file helps prevent Man-In-The-Middle (MITM) attacks by storing known good fingerprints of SSH servers. When you connect to a server via SSH or SFTP for the first time, the server's public key fingerprint is shown to you and, upon acceptance, stored in your known_hosts file. On subsequent connections, the server's identity is verified against the stored fingerprint. If there's a mismatch, SSH warns you of a possible security breach.

Location

The known_hosts file is typically located in the user's SSH configuration directory:
  • For Unix-like systems (Linux, macOS), it's usually at ~/.ssh/known_hosts.
  • For Windows systems using software like PuTTY, the location can vary based on the application’s configuration.
File Content

Each line in the known_hosts file represents a single host. Here’s a simplified explanation of the line format:

    [hostname],[ip-address] ssh-rsa [key-fingerprint]

  • hostname: The canonical name of the remote host.
  • ip-address: The IP address of the remote host, which can be included as an additional measure.
  • ssh-rsa: Indicates the type of key used (e.g., RSA, ECDSA, DSA).
  • key-fingerprint: The fingerprint of the public key.
Managing known_hosts

When you connect to a host whose key has changed (possibly due to reinstallation or reconfiguration), you'll receive a warning that the fingerprint does not match the one in your known_hosts file. For security reasons, this should be investigated before updating the file. If you determine it’s safe (e.g., after verifying with a system administrator), you can manually edit known_hosts to remove the old key, or use a command like ssh-keygen -R [hostname] to remove the old entry.
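The following is an added example, not code from this page or from OpenSSH, that ties the "File Content" and "Managing known_hosts" sections together: it parses known_hosts lines (plain `host,ip` names, `|1|salt|hash` entries written when HashKnownHosts is enabled, and `@revoked` markers), performs the same lookup the client does when it checks a server's identity, reports the three outcomes a connection can hit (first contact, match, mismatch), and prunes a host the way `ssh-keygen -R` does. One precise detail it relies on: the third field of an OpenSSH entry holds the base64-encoded public key itself, and the SHA256 fingerprint shown at the prompt is derived from it, which `fingerprint()` computes as `ssh-keygen -l` would. All host names, IP addresses and key blobs below are constructed placeholders, not real servers or real keys.

```python
"""Parse, verify and prune OpenSSH known_hosts entries (added example)."""
import base64
import hashlib
import hmac
from dataclasses import dataclass


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 length + data."""
    return len(data).to_bytes(4, "big") + data


def make_ed25519_blob(raw32: bytes) -> str:
    """Build a base64 host-key blob in OpenSSH format from 32 raw bytes.
    Constructed for this example; a real key is produced by ssh-keygen."""
    return base64.b64encode(_ssh_string(b"ssh-ed25519") + _ssh_string(raw32)).decode()


def fingerprint(b64_key: str) -> str:
    """SHA256 fingerprint as ssh-keygen -l prints it: 'SHA256:' + base64 without '='."""
    digest = hashlib.sha256(base64.b64decode(b64_key)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


@dataclass
class Entry:
    hosts: str        # "host,ip", "[host]:port", or "|1|salt|hash" when hashed
    key_type: str     # ssh-ed25519, ssh-rsa, ecdsa-sha2-nistp256, ...
    key: str          # base64 public key blob; the fingerprint is derived from it
    marker: str = ""  # optional leading "@revoked" / "@cert-authority"

    def matches(self, host: str) -> bool:
        """True if `host` is one of this entry's names, plain or hashed."""
        if self.hosts.startswith("|1|"):
            # Hashed form: HMAC-SHA1 keyed with the salt over the host name.
            _, _, salt, digest = self.hosts.split("|")
            mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
            return hmac.compare_digest(base64.b64encode(mac.digest()).decode(), digest)
        return host in self.hosts.split(",")


def parse_known_hosts(text: str) -> list:
    """Return one Entry per well-formed line; comments and blanks are skipped."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = ""
        if fields[0].startswith("@"):
            marker, fields = fields[0], fields[1:]
        if len(fields) < 3:
            continue  # malformed line; OpenSSH ignores these as well
        entries.append(Entry(fields[0], fields[1], fields[2], marker))
    return entries


def verify_host(entries, host: str, key_type: str, presented_key: str) -> str:
    """Outcome of the identity check the client performs on connect:
    'unknown'  - no entry for this host and key type (first-connection prompt)
    'ok'       - stored key equals the presented key
    'revoked'  - presented key is listed with an @revoked marker
    'mismatch' - host is known but the key differs (possible MITM warning)"""
    seen = False
    for e in entries:
        if e.marker == "@cert-authority" or e.key_type != key_type or not e.matches(host):
            continue
        seen = True
        if e.key == presented_key:
            return "revoked" if e.marker == "@revoked" else "ok"
    return "mismatch" if seen else "unknown"


def remove_host(text: str, host: str) -> str:
    """Drop every line naming `host`, including hashed ones, like `ssh-keygen -R host`."""
    kept = [line for line in text.splitlines()
            if not any(e.matches(host) for e in parse_known_hosts(line))]
    return "\n".join(kept) + "\n"


# Constructed sample data: placeholder keys and a hashed entry for backup.example.net.
GOOD_KEY = make_ed25519_blob(bytes(range(32)))
OTHER_KEY = make_ed25519_blob(bytes(32))
_SALT = b"\x00" * 20
HASHED_HOST = "|1|%s|%s" % (
    base64.b64encode(_SALT).decode(),
    base64.b64encode(hmac.new(_SALT, b"backup.example.net", hashlib.sha1).digest()).decode())
SAMPLE = (
    "# constructed known_hosts for the example\n"
    "sftp.example.com,192.0.2.10 ssh-ed25519 %s\n"
    "%s ssh-ed25519 %s\n"
    "@revoked old.example.com ssh-ed25519 %s\n"
) % (GOOD_KEY, HASHED_HOST, GOOD_KEY, OTHER_KEY)


if __name__ == "__main__":
    entries = parse_known_hosts(SAMPLE)
    print("stored fingerprint:", fingerprint(GOOD_KEY))
    for host, key in [("sftp.example.com", GOOD_KEY), ("sftp.example.com", OTHER_KEY),
                      ("backup.example.net", GOOD_KEY), ("new.example.org", GOOD_KEY)]:
        print(host, "->", verify_host(entries, host, "ssh-ed25519", key))
    print(remove_host(SAMPLE, "sftp.example.com"))
```

The `mismatch` branch is the case the "Managing known_hosts" section describes: the host is known, but the key it now presents is not the stored one, and the only safe way out is to confirm the new fingerprint through a channel other than the connection itself before calling something like `remove_host` and accepting the new key.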