When the host key is received during the first connection to a
remote host (or when the host key has changed) and you choose to save
the key, its filename is stored in hashed format,
hhh is a hash of the host
port and name. The saved file contains a hash of the host's public key.
A salt is included in the hash calculations. The value of the salt is
stored in the file
salt in the same directory as the host
$HOME/.ssh2/hostkeys on Unix,
Data\SSH\HostKeys" on Windows). The hashed host key
format is a security feature to make address harvesting on the hosts
In the plain (traditional) format, the name of a host key file includes
the hosts's name and port, as in
and the file contains the host's public key in plaintext format.
If you are adding the keys manually, the keys should be named with the
key_<port>_<host>.pub pattern, where
<port> is the port the Secure Shell server
is running on and
<host> is the hostname
you use when connecting to the server (for example,
If both the hashed and clear-text format keys exist, the hashed format takes precedence.
Note that the identification is different based on the host and port
the client is connecting to. For example, the short hostname
alpha is considered different from the fully
qualified domain name
alpha.example.com. Also a
connection with an IP, for example
considered a different host, as is a connection to the same host but
different port, for example
After the first connection, the local copy of the server public key will be used in server authentication.