== Some brief notes on OpenSSH's [[known_hosts|]] hashing

A number of current distributions of OpenSSH default to storing host
names and IP addresses in ((~/.ssh/known_hosts)) in a hashed form,
in order to make it harder for an intruder to work out where else
you have an account on that you access from this system (this is the
_HashKnownHosts_ option for _ssh_). Since I recently wound up digging
into this and the details are underdocumented, here's what I know about
how this works.

The summary is that this is your traditional one-way cryptographic
hash. The specific hash is a SHA1-based HMAC, but I strongly suggest not
writing any code that knows that. The host name or IP address is treated
like a password and hashed together with a random salt; both the salt
and the HMAC result are stored in the [[known_hosts|]] line. Matching
the line later is done by extracting the salt, HMAC'ing your candidate
hostname with it, and seeing if you got the same encrypted result.

(The salt appears to have relatively strong randomness.)

This means that checking to see if a particular host is present in a
[[known_hosts|]] file requires computing a separate HMAC for each line
in the file. I imagine that this is not a problem in practice since
most people have relatively short [[known_hosts|]] files and SHA1 HMAC
is relatively fast. As with unencrypted hostnames, it's possible to
have multiple entries for a given host in [[known_hosts|]], each with a
different key; if all of the hostnames are hashed, this may not be at
all obvious.

(See _sshd(8)_ for how multiple entries for a single host work. The
short answer is that OpenSSH considers itself to have found a known host
key if any of them match.)

This all means that hashed [[known_hosts|]] files are system independent
and will continue working fine when moved to a different host.

(As it turned out, the problem I was seeing was because my new test
system had a different system known hosts file. Once I fixed that,
everything worked, but I almost went off on a complete wild goose chase
worrying about potential system dependent hashing of [[known_hosts|]].
Having a hashed [[known_hosts|]] did make it less obvious that the other
host's key wasn't even in it, though.)