Does the SSH known_hosts file need a server name?

Asked by alexDuncan in Cyber Security, Asked on Mar 25, 2022

When I push/pull repos on GitHub over SSH, sometimes there will be a message about an unidentified server that asks if I want to trust and add it to known_hosts. Apparently this is because GitHub has multiple IPs. What I don't understand is why SSH needs to record the hostname in known_hosts. When I use my private key to authenticate myself to GitHub, there is no need for me to present an IP/domain name to GitHub. Why can't SSH authenticate the server as original with only its key?

Answered by Amit Sinha

The whole point in having a known_hosts file is to keep a record of keys associated with the host they belong to. To be more specific, it records the key associated with the hostname you tried to connect to with the ssh, scp or sftp command. It will help you avoid MITM attacks, since any SSH-based command will alert you if the server key has changed since it recorded it in your known_hosts. As long as you use the same hostname and it presents the same key, it does not matter if it has multiple IPs or not.
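The lookup described in the answer above, as an added example that is not part of the original answer and not OpenSSH's own code: a known_hosts check keyed by the name you connected to, covering plain and hashed (`|1|salt|hash`) host fields. The host names, keys and salt are constructed placeholders, and wildcard patterns and `@cert-authority`/`@revoked` markers are assumed absent.

```python
import base64, hashlib, hmac

def hashed_host(host, salt):
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(host_field, host):
    """True if a known_hosts host field (plain comma list or hashed) names `host`."""
    if host_field.startswith("|1|"):
        _, _, salt_b64, hash_b64 = host_field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(hash_b64))
    return host in host_field.split(",")

def check_host_key(known_hosts_text, host, key_type, key_b64):
    """Return 'match', 'changed' or 'unknown' for the key a server presented."""
    result = "unknown"                      # no entry for this name: client would prompt
    for line in known_hosts_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue                        # blank line, comment, or marker (not handled)
        hosts, ktype, kdata = fields[:3]
        if ktype != key_type or not host_matches(hosts, host):
            continue
        if kdata == key_b64:
            return "match"                  # same name, same key
        result = "changed"                  # same name, different key: possible MITM
    return result

# Constructed sample data: placeholder keys, not real SSH public keys.
KEY_A = base64.b64encode(b"constructed-key-A").decode()
KEY_B = base64.b64encode(b"constructed-key-B").decode()
KNOWN_HOSTS = "\n".join([
    "git.example.test ssh-ed25519 " + KEY_A,
    hashed_host("build.example.test", b"constructed-salt-20b") + " ssh-ed25519 " + KEY_A,
])

if __name__ == "__main__":
    for name, key in [("git.example.test", KEY_A), ("git.example.test", KEY_B),
                      ("192.0.2.10", KEY_A), ("build.example.test", KEY_A)]:
        print(name, "->", check_host_key(KNOWN_HOSTS, name, "ssh-ed25519", key))
```

The third case is the one from the question: the recorded key presented under a name or address with no entry is reported as unknown, because the record is looked up by name.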


