Here is a `known_hosts` entry. The portion from `ssh-rsa` through to the end is the public key. What is the other portion (the characters before `ssh-rsa`)?
|1|KnbIIJIPrL/1p7ofUV74sK+j/Gc=|wrjOFnPgoF0afgH0PeRtRqSdgvc= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5 QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==
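Answer 1
`|1|` is the HASH_MAGIC, which indicates that this is a hashed known_hosts entry.
The next two base-64 encoded fields (separated by `|`) are the randomly generated salt and the SHA-1 hash of the host.
If you are using an older version of OpenSSH, or you have set `HashKnownHosts No` in `/etc/ssh/ssh_config` or `~/.ssh/config`, the entries will not be hashed and will look more like this: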
remotehostname,192.168.1.100 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdn...etc...
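To find out which host a hashed entry belongs to, recompute the hash for a candidate name and compare it with the second field. The following is an added example, not code from the original answers; it assumes OpenSSH's construction, in which the second field is an HMAC-SHA1 of the host name keyed with the salt, and the function names and the constructed salt are illustrative.

```python
import base64
import hashlib
import hmac

HASH_MAGIC = "|1|"
# Host field of the hashed entry shown in the question.
PAGE_HOST_FIELD = "|1|KnbIIJIPrL/1p7ofUV74sK+j/Gc=|wrjOFnPgoF0afgH0PeRtRqSdgvc="


def parse_hashed_host(field):
    """Split '|1|salt|hash' into (salt, digest) as raw bytes."""
    if not field.startswith(HASH_MAGIC):
        raise ValueError("not a hashed known_hosts host field")
    parts = field[len(HASH_MAGIC):].split("|")
    if len(parts) != 2:
        raise ValueError("expected |1|<salt>|<hash>")
    salt, digest = (base64.b64decode(p, validate=True) for p in parts)
    return salt, digest


def hash_host(salt, host):
    """HMAC-SHA1 of the host name, keyed with the per-entry salt."""
    return hmac.new(salt, host.encode("utf-8"), hashlib.sha1).digest()


def host_field(salt, host):
    """Build the hashed host field for a given salt and host name."""
    enc = lambda b: base64.b64encode(b).decode("ascii")
    return HASH_MAGIC + enc(salt) + "|" + enc(hash_host(salt, host))


def entry_matches(line, host):
    """True if a hashed known_hosts line was recorded for `host`."""
    fields = line.split()
    if fields and fields[0].startswith("@"):  # optional marker field
        fields = fields[1:]
    salt, digest = parse_hashed_host(fields[0])
    return hmac.compare_digest(hash_host(salt, host), digest)


if __name__ == "__main__":
    salt, digest = parse_hashed_host(PAGE_HOST_FIELD)
    print(len(salt), len(digest))
    # Constructed sample: fixed salt, host name from the unhashed example.
    line = host_field(bytes(range(20)), "remotehostname") + " ssh-rsa AAAA..."
    for name in ("remotehostname", "192.168.1.100"):
        print(name, entry_matches(line, name))
```

`ssh-keygen -F hostname` performs the same lookup against your own `known_hosts` file, and `ssh-keygen -H` converts an unhashed file to the hashed form.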
Answer 2
From the `sshd(8)` man page, SSH_KNOWN_HOSTS FILE FORMAT section:
Each line in these files contains the following fields: markers (optional), hostnames, bits, exponent, modulus, comment. The fields are separated by spaces.
...
Alternately, hostnames may be stored in a hashed form which hides host names and addresses should the file’s contents be disclosed. Hashed hostnames start with a ‘|’ character. Only one hashed hostname may appear on a single line and none of the above negation or wildcard operators may be applied.