If I run git clone [email protected]:some-org/some-repo.git, I'm prompted with the following:
The authenticity of host 'github.com (192.30.253.113)' can't be established.
RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8.
Obviously, I verify the fingerprint against the list at https://help.github.com/articles/github-s-ssh-key-fingerprints/, and respond yes:
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'github.com,192.30.253.113' (RSA) to the list of known hosts.
...etc.
That results in two entries being added to my ~/.ssh/known_hosts file, both with the same key, both hashed.
If I confirm the key with ssh-keyscan github.com, the key matches.
But why do I have two entries in known_hosts, rather than one?
Normally, the
known_hostsfile contains a list of the hostnames/IP addresses on every line. But this is not used when the hostnames are hashed (for simplification of the matching?) as described in the manual page forsshd:So to answer your question,
One of them is
github.comand the other192.30.253.113exactly as you confirmed in the promptIf you turn the known hosts hashing off (there is no good reason to do that), you will get only one line such as I have:
github.com,192.30.252.128 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==