When the host key is received during the first connection to a remote host (or when the host key has changed) and you choose to save the key, its filename is stored in hashed format,
hhh is a hash of the host port and name. The saved file contains a hash of the host's public key. A salt is included in the hash calculations. The value of the salt is stored in the file
salt in the same directory as the host keys (
$HOME/.ssh2/hostkeys on Unix, "
%USERPROFILE%\Application Data\SSH\HostKeys" on Windows). The hashed host key format is a security feature to make address harvesting on the hosts difficult.
In the plain (traditional) format, the name of a host key file includes the hosts's name and port, as in
key_22_host.example.com.pub, and the file contains the host's public key in plaintext format.
If you are adding the keys manually, the keys should be named with the
key_<port>_<host>.pub pattern, where
<port> is the port the Secure Shell server is running on and
<host> is the hostname you use when connecting to the server (for example,
If both the hashed and clear-text format keys exist, the hashed format takes precedence.
Note that the identification is different based on the host and port the client is connecting to. For example, the short hostname
alpha is considered different from the fully qualified domain name
alpha.example.com. Also a connection with an IP, for example
10.1.54.1, is considered a different host, as is a connection to the same host but different port, for example
After the first connection, the local copy of the server public key will be used in server authentication.