Skip to main content
Known Hosts protects against man-in-the-middle attacks by tracking trusted host fingerprints.

How It Works

  • First connection to a host prompts for trust
  • Accepted host fingerprints are stored locally
  • Future key mismatches are flagged and require review

Manage Entries

From Known Hosts, you can:
  • review stored fingerprints
  • remove outdated entries
  • import entries from your SSH environment

When to Remove a Host Key

Remove an entry only when you have verified one of these:
  • host was rebuilt
  • host keys were rotated intentionally
  • infrastructure was migrated and fingerprint changed as expected

Security Guidance

Do not accept changed fingerprints blindly. Verify via a trusted channel first.

Troubleshooting

See Known Hosts Troubleshooting.