The known_hosts file is an important component of the SSH (Secure Shell) protocol, used by SFTP (SSH File Transfer Protocol) to authenticate the identity of a remote host.
Purpose
The known_hosts file helps prevent Man-In-The-Middle (MITM) attacks by storing known good fingerprints of SSH servers. When you connect to a server via SSH or SFTP for the first time, the server's public key fingerprint is shown to you and, upon acceptance, stored in your known_hosts file. On subsequent connections, the server's identity is verified against the stored fingerprint. If there is a mismatch, SSH warns you of a possible security breach.
Location
The known_hosts file is typically located in the user's SSH configuration directory, ~/.ssh/known_hosts on Linux, macOS and other Unix-like systems.
For Windows systems using software like PuTTY, the location can vary based on the application's configuration.
File Content
Each line in the known_hosts file represents a single host. Here is a simplified explanation of the line format:
[hostname],[ip-address] ssh-rsa [key-fingerprint]
hostname: The canonical name of the remote host.
ip-address: The IP address of the remote host, which can be included as an additional measure.
ssh-rsa: Indicates the type of key used (e.g., RSA, ECDSA, DSA).
key-fingerprint: The fingerprint of the public key.
Managing known_hosts
When you connect to a host whose key has changed (possibly due to reinstallation or reconfiguration), you will receive a warning that the fingerprint does not match the one in your known_hosts file. For security reasons, this should be investigated before updating the file. If you determine it is safe (e.g., after verifying with a system administrator), you can manually edit known_hosts to remove the old key, or use a command like ssh-keygen -R [hostname] to remove the old entry.
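An added example, not code from the original page, that parses entries in the format above, compares a key presented by a server against them to reproduce the match / mismatch / first-contact outcomes described, and removes an entry the way ssh-keygen -R does; the host sftp.example.test and the key bytes are constructed. It treats the third field as the base64-encoded public key, which is what OpenSSH stores there, and derives the SHA256 fingerprint from it as ssh-keygen -l does.

```python
import base64, hashlib, hmac

def _blob(key_type: bytes, raw_key: bytes) -> str:
    """Base64 of an OpenSSH public-key blob: length-prefixed type string, then raw key."""
    parts = (len(b).to_bytes(4, "big") + b for b in (key_type, raw_key))
    return base64.b64encode(b"".join(parts)).decode()

# Constructed sample: the key bytes are made up and belong to no real server.
GOOD_KEY = _blob(b"ssh-ed25519", bytes(range(32)))
SAMPLE_KNOWN_HOSTS = f"# constructed example\nsftp.example.test,192.0.2.10 ssh-ed25519 {GOOD_KEY}\n"

def host_matches(pattern: str, hostname: str) -> bool:
    """One host field: a plain name, or OpenSSH's hashed form |1|salt|HMAC-SHA1(hostname)."""
    if pattern.startswith("|1|"):
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return pattern == hostname

def _fields(line: str) -> list[str]:
    """Split one line into [host-field, key-type, key]; [] for blanks and comments."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return []
    return fields[1:] if fields[0].startswith("@") else fields   # drop @cert-authority / @revoked marker

def parse_known_hosts(text: str) -> list[tuple[list[str], str, str]]:
    """Return (host_patterns, key_type, key_b64) for every entry in the file."""
    return [(f[0].split(","), f[1], f[2]) for f in map(_fields, text.splitlines()) if f]

def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the form ssh-keygen -l prints (base64 without '=' padding)."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host(entries, hostname: str, key_type: str, presented_b64: str) -> str:
    """'match', 'mismatch' (stored key differs: possible MITM) or 'unknown' (first contact)."""
    for hosts, stored_type, stored_key in entries:
        if stored_type == key_type and any(host_matches(h, hostname) for h in hosts):
            return "match" if hmac.compare_digest(stored_key, presented_b64) else "mismatch"
    return "unknown"

def remove_host(text: str, hostname: str) -> str:
    """Drop every entry whose host field matches hostname, which is what ssh-keygen -R does."""
    def keep(line: str) -> bool:
        fields = _fields(line)
        return not fields or not any(host_matches(h, hostname) for h in fields[0].split(","))
    return "\n".join(filter(keep, text.splitlines())) + "\n"
```

A "mismatch" result is the situation the warning above describes, and remove_host is the step to take only after the new key has been verified out of band.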