What is actually in known_hosts?

To add to the answer above and your comment, There are four building blocks for ssh session

  1. Encryption( symmetric keys derived after key exhange per session)
  2. Data integrity (MAC using eg SHA,HMAC )
  3. Key exchange methods
  4. Public key methods or host key methods

the SSH algorithm negotiation involves a key exchange state machine which begins when the SSH_MSG_KEXINIT message along with algorithms list is sent.

The key exchange method or simply kex specifies session keys for encryption and host authentication host public keys(ssh-rsa, ssh-dss ..) that are sent to the client. The step below are the basic steps that take place for kex using Diffie hellman key exchange algorithm

quoting the RFC https://www.rfc-editor.org/rfc/rfc4253

The following steps are used to exchange a key. In this, C is the client; S is the server; p is a large safe prime; g is a generator for a subgroup of GF(p); q is the order of the subgroup; V_S is S's identification string; V_C is C's identification string; K_S is S's public host key; I_C is C's SSH_MSG_KEXINIT message and I_S is S's SSH_MSG_KEXINIT message that have been exchanged before this part begins.

  1. C generates a random number x (1 < x < q) and computes e = g^x mod p. C sends e to S.
  1. S generates a random number y (0 < y < q) and computes f = g^y mod p. S receives e. It computes K = e^y mod p, H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K) (these elements are encoded according to their types; see below), and signature s on H with its private host key. S sends (K_S || f || s) to C. The signing operation may involve a second hashing operation.
  1. C verifies that K_S really is the host key for S (e.g., using certificates or a local database). C is also allowed to accept the key without verification; however, doing so will render the protocol insecure against active attacks (but may be desirable for practical reasons in the short term in many environments). C then computes K = f^x mod p, H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K), and verifies the signature s on H.

the local database mentioned in step three in certain systems could be the .ssh/known_hosts file. So to answer your question the public key is sent to the client by the host during the key-exchange.

The following public key and/or certificate formats are currently defined:

ssh-dss REQUIRED sign Raw DSS Key

ssh-rsa RECOMMENDED sign Raw RSA Key

pgp-sign-rsa OPTIONAL sign OpenPGP certificates (RSA key)

pgp-sign-dss OPTIONAL sign OpenPGP certificates (DSS key)


This file is, effectively, your personal Certificate Authority. It is the list of all SSH server host public keys that you have determined are accurate. Each entry in known_hosts is one big line with three or more whitespace separated fields as follows:

a. One or more server names or IP Addresses, joined together by commas.

foo.com,107.180.00.00

b. The type of key.

ssh-rsa

c. The public key data itself encoded to stay within the ASCII range.

AAAAB3NzaC1yc2EAAAABIwAAAQEAuJfqSnraBz//Ux4j/hZpLv2eYUxNUgCk+9ClqoSgfcu4vXbWtUGSjo75UVQf+uguOeBnRLppJJ3mt0R5c/PPcawUGWfffk33t+biYcqra9xUcyfiGtO/Icko2L1J0EYTXM/8x8VK6UYFMfad2gltnZRa8Am50oHTXot1Df0RljUBxvh/UhmTJUrODpyrl2xY1OMWjM+S6uYCMNeSQGEpNfsWiCIStRnctMZSxiYJOLTSC4F2GF7B8pYFBn5rSwVHp17WCdO+4BZfwvH3HSSH8IWoyFhki+NlG912SEBJXcryvc0JPfAB9DTB4mRImjgrRT8vz5QeaCDrh8k4/A+U1fff

d. Any optional comment data.

Also!! This thread might be of use for you:

https://security.stackexchange.com/a/20710

Tags:

Ssh