I did not have an .ssh directory until I ran
ssh user@foo.com
This created a .ssh directory with one file, known_hosts.
It had some text like this in it.
foo.com,107.180.00.00 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAuJfqSnraBz//Ux4j/hZpLv2eYUxNUgCk+9ClqoSgfcu4vXbWtUGSjo75UVQf+uguOeBnRLppJJ3mt0R5c/PPcawUGWfffk33t+biYcqra9xUcyfiGtO/Icko2L1J0EYTXM/8x8VK6UYFMfad2gltnZRa8Am50oHTXot1Df0RljUBxvh/UhmTJUrODpyrl2xY1OMWjM+S6uYCMNeSQGEpNfsWiCIStRnctMZSxiYJOLTSC4F2GF7B8pYFBn5rSwVHp17WCdO+4BZfwvH3HSSH8IWoyFhki+NlG912SEBJXcryvc0JPfAB9DTB4mRImjgrRT8vz5QeaCDrh8k4/A+U1fff
I thought this might have been a public or private key pulled off my server somehow, but it was not.
What is this, and what is it used for?
I'm just trying to learn more about ssh and how it works. For example, in this case I did not set up the private key on the local machine, so it prompted for a password as expected.
Research
It's supposed to be a public key for the server, according to
https://security.stackexchange.com/questions/20706/what-is-the-difference-between-authorized-key-and-known-host-file-for-ssh
To add to the answer above and your comment,
There are four building blocks for an ssh session:
- Encryption (symmetric keys derived after key exchange, per session)
- Data integrity (MAC using e.g. SHA, HMAC)
- Key exchange methods
- Public key methods or host key methods
The SSH algorithm negotiation involves a key exchange state machine, which begins when the SSH_MSG_KEXINIT message along with the algorithms list is sent.
The key exchange method, or simply kex, specifies session keys for encryption and host authentication host public keys (ssh-rsa, ssh-dss, ..) that are sent to the client. The steps below are the basic steps that take place for kex using the Diffie-Hellman key exchange algorithm,
quoting the RFC https://tools.ietf.org/html/rfc4253
The following steps are used to exchange a key. In this, C is the
client; S is the server; p is a large safe prime; g is a generator
for a subgroup of GF(p); q is the order of the subgroup; V_S is S's
identification string; V_C is C's identification string; K_S is S's
public host key; I_C is C's SSH_MSG_KEXINIT message and I_S is S's
SSH_MSG_KEXINIT message that have been exchanged before this part
begins.
1. C generates a random number x (1 < x < q) and computes
   e = g^x mod p. C sends e to S.
2. S generates a random number y (0 < y < q) and computes
   f = g^y mod p. S receives e. It computes K = e^y mod p,
   H = hash(V_C || V_S || I_C || I_S || K_S || e || f || K)
   (these elements are encoded according to their types; see below),
   and signature s on H with its private host key. S sends
   (K_S || f || s) to C. The signing operation may involve a
   second hashing operation.
3. C verifies that K_S really is the host key for S (e.g., using
   certificates or a local database). C is also allowed to accept
   the key without verification; however, doing so will render the
   protocol insecure against active attacks (but may be desirable for
   practical reasons in the short term in many environments). C then
   computes K = f^x mod p, H = hash(V_C || V_S || I_C || I_S || K_S
   || e || f || K), and verifies the signature s on H.
The local database mentioned in step three could, in certain systems, be the .ssh/known_hosts file.
So, to answer your question, the public key is sent to the client by the host during the key exchange.
The following public key and/or certificate formats are currently defined:
ssh-dss           REQUIRED     sign   Raw DSS Key
ssh-rsa           RECOMMENDED  sign   Raw RSA Key
pgp-sign-rsa      OPTIONAL     sign   OpenPGP certificates (RSA key)
pgp-sign-dss      OPTIONAL     sign   OpenPGP certificates (DSS key)
This file is, effectively, your personal Certificate Authority. It is the list of all SSH server host public keys that you have determined are accurate. Each entry in known_hosts is one big line with three or more whitespace-separated fields as follows:
a. One or more server names or IP Addresses, joined together by commas.
foo.com,107.180.00.00
b. The type of key.
ssh-rsa
c. The public key data itself encoded to stay within the ASCII range.
AAAAB3NzaC1yc2EAAAABIwAAAQEAuJfqSnraBz//Ux4j/hZpLv2eYUxNUgCk+9ClqoSgfcu4vXbWtUGSjo75UVQf+uguOeBnRLppJJ3mt0R5c/PPcawUGWfffk33t+biYcqra9xUcyfiGtO/Icko2L1J0EYTXM/8x8VK6UYFMfad2gltnZRa8Am50oHTXot1Df0RljUBxvh/UhmTJUrODpyrl2xY1OMWjM+S6uYCMNeSQGEpNfsWiCIStRnctMZSxiYJOLTSC4F2GF7B8pYFBn5rSwVHp17WCdO+4BZfwvH3HSSH8IWoyFhki+NlG912SEBJXcryvc0JPfAB9DTB4mRImjgrRT8vz5QeaCDrh8k4/A+U1fff
d. Any optional comment data.
Also!!
This thread might be of use for you:
https://security.stackexchange.com/a/20710
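As an added example (not code from any of the posts above or from OpenSSH), this Python code splits a known_hosts line into the fields listed above, decodes the base64 key data into its ssh-rsa parts, and computes the SHA256 fingerprint in the form ssh-keygen -lf prints. The sample line is constructed inside the code and is not a real host key; the function names and the 192.0.2.10 address are illustrative assumptions.

```python
import base64
import hashlib
import struct

def ssh_string(data):
    """RFC 4251 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def mpint(value):
    """RFC 4251 'mpint' for a positive integer (a leading zero byte keeps it positive)."""
    return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))

def read_string(buf, off):
    """Read one length-prefixed string at offset off; return (bytes, next offset)."""
    (length,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + length
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[off + 4:end], end

def parse_known_hosts_line(line):
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None  # blank line or comment
    # Optional marker such as @cert-authority or @revoked precedes the host list.
    marker = fields.pop(0) if fields[0].startswith("@") else None
    if len(fields) < 3:
        raise ValueError("expected hosts, key type and key data")
    hosts, keytype, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    inner_type, off = read_string(blob, 0)
    if inner_type != keytype.encode():
        raise ValueError("key type field disagrees with the type inside the blob")
    info = {"marker": marker, "hosts": hosts.split(","), "hashed": hosts.startswith("|1|"),
            "type": keytype, "comment": " ".join(fields[3:])}
    if keytype == "ssh-rsa":  # RFC 4253: string "ssh-rsa", mpint e, mpint n
        e, off = read_string(blob, off)
        n, off = read_string(blob, off)
        info["rsa_e"] = int.from_bytes(e, "big")
        info["rsa_bits"] = int.from_bytes(n, "big").bit_length()
    digest = hashlib.sha256(blob).digest()
    info["fingerprint"] = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return info

# Constructed sample: exponent 35 and a made-up 2048-bit number, not a usable RSA key.
SAMPLE_BLOB = ssh_string(b"ssh-rsa") + mpint(35) + mpint((1 << 2047) | 1)
SAMPLE_LINE = ("foo.com,192.0.2.10 ssh-rsa "
               + base64.b64encode(SAMPLE_BLOB).decode() + " constructed sample")

if __name__ == "__main__":
    print(parse_known_hosts_line(SAMPLE_LINE))
```

The constructed key data begins with AAAAB3NzaC1yc2E, the same prefix as the entry in the question, because that prefix is just the length-prefixed string ssh-rsa in base64.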