On 2020/09/30 06:35, Mauricio Tavares wrote: > On Tue, Sep 29, 2020 at 6:46 AM Damien Miller <djm@xxxxxxxxxxx> wrote: > > > > On Tue, 29 Sep 2020, Martin Drescher wrote: > > > > > Hi list members, > > > > > > just tried to get some old records out of my known_hosts, which is > > > 'HashKnownHosts yes'. Is there a way to unhash host names and/or > > > IPs? Google tells about, how to add hosts, but not the opposite, may > > > be I miss some thing. Is this does not work at all, is there a best > > > practice for cleaning old hosts and keys out? > > > > The hashing is intentionally one-way - you can't go backwards from a > > hash to a hostname without an inordinate amount of work. > > > > You can however find and delete hosts by name using ssh-keygen. > > > > To find entries matching a hostname, use "ssh-keygen -F hostname", e.g. > > > > $ ssh-keygen -lF haru.mindrot.org > > # Host haru.mindrot.org found: line 146 > > haru.mindrot.org ECDSA SHA256:xjGrsgS6JzMojD3go1qULmh02LG8YpRirOwmoHnT/3M > > # Host haru.mindrot.org found: line 165 > > haru.mindrot.org RSA SHA256:9nN+SOkKCQq6BLzybAUNlczAU0n+HbOIDxIrBIbPPmU > > # Host haru.mindrot.org found: line 166 > > haru.mindrot.org ED25519 SHA256:43S30LGUkc2f9dDcLZG6O5KPKtPn7Xw2WkR2vCO/nnU > > > One a side note, I see *some* entries in .ssh/known_hosts > showing the hostname or IP, while others do not. What causes this lack > of consistency? Changing between 'HashKnownHosts no' and 'HashKnownHosts yes' without removing/rebuilding the file. See ssh-keygen -H. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
