Secure Your SSH Connections: How to Add to Known Hosts in Ubuntu

When connecting to remote servers over SSH, it’s important to verify the host’s identity before establishing a connection. This helps prevent man-in-the-middle attacks, where an attacker intercepts your connection and poses as the remote server to gain access to your credentials and data.

In Ubuntu, you can verify a host’s identity by adding its SSH public key fingerprint to your ~/.ssh/known_hosts file. This file stores a list of known hosts and their corresponding SSH public key fingerprints, which are used to verify the identity of the hosts you connect to.

To add to known hosts in Ubuntu, follow these steps:

Open the terminal in Ubuntu, type the following command and hit Enter:


This will output the SSH public key fingerprint for Copy the entire output.

Open the file ~/.ssh/known_hosts in a text editor. You can use the following command to open it in nano editor:

nano ~/.ssh/known_hosts

Scroll down to the end of the file, and paste the output you copied in step 3 on a new line.

Save the file by pressing Ctrl+O and then exit the editor by pressing Ctrl+X.

Alternatively, you can use the following command to add to known hosts in Ubuntu:

ssh-keyscan -H >> ~/.ssh/known_hosts

This command will append the SSH public key fingerprint for to your ~/.ssh/known_hosts file, without overwriting any existing entries. The -H option is used to hash the hostname and IP addresses in the output, making it more difficult for someone to use the output to launch an attack against your system.

To verify that the SSH public key fingerprint for has been added to your ~/.ssh/known_hosts file, you can use the following command in the terminal:

ssh-keygen -F

This command will look up the SSH public key fingerprint for in your ~/.ssh/known_hosts file and print it to the terminal. If the output matches the SSH public key fingerprint for, then you can be sure that it has been successfully added to your ~/.ssh/known_hosts file.

It’s important to note that you should always verify the SSH public key fingerprint for any new host you connect to before adding it to your ~/.ssh/known_hosts file. This can be done by contacting the host administrator and asking for their SSH public key fingerprint, or by using a trusted third-party service to verify the fingerprint.

You should also periodically review the contents of your ~/.ssh/known_hosts file and remove any entries that you no longer need. This can help prevent potential security issues if a host’s SSH public key fingerprint changes unexpectedly.

Finally, it’s worth noting that there are several tools available that can help automate the process of adding SSH public key fingerprints to your ~/.ssh/known_hosts file. These tools can be especially useful for managing large numbers of hosts or for automating the deployment of new servers.

In summary, adding to known hosts in Ubuntu is a simple but important step in securing your SSH connections. By taking the time to verify the SSH public key fingerprint for each host you connect to and regularly reviewing your ~/.ssh/known_hosts file, you can help ensure the security of your system and data.