Why are the public keys in the id_ed25519.pub and known_hosts files different? [closed]

My understanding is that the known_hosts file contains the public keys of all the hosts I access.
I generated private-public keys (id_ed25519 and id_ed25519.pub) with ssh-keygen, and when I first tried to connect to a host I got that known message, "remote host identification has changed". After agreeing to add the key to known_hosts, I expected the key in id_ed25519.pub and in known_hosts to be the same. But they're not. What am I missing here?

  • Servers also have public/private keys; it’s important not to mix them up.

  • @SamMason, can you elaborate on how this answers my question please?

  • The host has its own keys, separate from any users’ keys, and those host keys are used when a user connects to that host. The host keys are what appear in ~/.ssh/known_hosts, and you’d need root access to change them.

  • @JimRedmond, but I created the private and public keys and added the public key to my GitHub account. Why will the host (GitHub) have separate keys? Can you explain?

  • You gave GitHub your public key, but not the matching private key. (Giving away your private key is incredibly foolish.) Similarly, you have GitHub’s public key, but not their matching private key. The two keys work together; GitHub sees what you’ve signed with your private key, and uses your public key to confirm that it’s actually you, and (similarly) you see what GitHub has signed with their private key and use their public key to confirm that it’s actually them. Without that pairing, anybody can claim to be GitHub, and your session is insecure.

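As an added example (not part of the original thread): the Python sketch below parses a known_hosts entry and an id_ed25519.pub line and computes the SHA256 fingerprint of each, in the form ssh-keygen -l prints, showing that the two lines identify different key pairs. Both keys and the names host.example and me@laptop are constructed sample values, not real keys.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(data)) + data


def make_blob_b64(raw32: bytes) -> str:
    """Build the base64 blob of an ed25519 public key (for constructed samples)."""
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(raw32)).decode()


def parse_key_line(line: str, is_known_hosts: bool) -> dict:
    """Parse a known_hosts entry or a .pub line into label, type and fingerprint."""
    fields = line.split()
    if is_known_hosts and fields[0].startswith("@"):
        fields = fields[1:]  # skip an @cert-authority / @revoked marker
    if is_known_hosts:  # known_hosts: hostnames keytype base64 [comment]
        label, key_type, b64 = fields[0], fields[1], fields[2]
    else:  # .pub file: keytype base64 [comment]
        key_type, b64, label = fields[0], fields[1], " ".join(fields[2:])
    blob = base64.b64decode(b64)
    # The blob starts with its own copy of the key type; it must match the field.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != key_type:
        raise ValueError("key type field does not match key blob")
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {"label": label, "type": key_type, "fingerprint": fingerprint}


def compare(host_line: str, user_line: str):
    """Return (host entry, user entry, True if both lines hold the same key)."""
    host = parse_key_line(host_line, is_known_hosts=True)
    user = parse_key_line(user_line, is_known_hosts=False)
    return host, user, host["fingerprint"] == user["fingerprint"]


# Constructed sample lines: the server's host key and the user's own key.
HOST_LINE = "host.example ssh-ed25519 " + make_blob_b64(bytes(range(32)))
USER_LINE = "ssh-ed25519 " + make_blob_b64(bytes(range(32, 64))) + " me@laptop"

if __name__ == "__main__":
    host, user, same = compare(HOST_LINE, USER_LINE)
    print("known_hosts    :", host["label"], host["fingerprint"])
    print("id_ed25519.pub :", user["label"], user["fingerprint"])
    print("same key?      :", same)
```
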