Why are 3 entries added to ~/.ssh/known_hosts even though I use only a single key type?

I set up a new server (hostname: odroid) and copied my public ed25519 key to it.

I signed in to it for the first time and noticed 3 new entries have been added to ~/.ssh/known_hosts on my local machine:

odroid ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnb0Xd02liZf5KJLuvmaQ/6Yo3Jsr4g427ly8AzmhjI
odroid ssh-rsa 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
odroid ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPRjuYovCQ1dLKryILWs2YikUrtVGXNZMa6wMBSUd1JpLGQAo/KxE0Ib3nNEk43iWOB73e9cPWz0AdMeBTI1G8c=

Why is that? Can I force my ssh client to only insert the entry for ssh-ed25519 and not for ssh-rsa and ecdsa-sha2-nistp256?

Asked By: Bartek Pacia


Those are the server’s host keys, by which your SSH client verifies that future connections aren’t to some other server trying to impersonate this one. They have nothing to do with which key is used to authenticate your user to that server, or even whether you use a key at all.

While it may be possible to force your client to save only one type of key, there’s no good reason to do so. In fact, saving keys of multiple types allows the server to rotate the key of any given type by updating it and keeping the others unchanged, and this makes life easier for the people managing that server.

Answered By: muru
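
To check that the saved entries really are the server's host keys, the following added example (not part of the question or the answer) decodes known_hosts lines and computes the SHA256 fingerprints in the form `ssh-keygen -l` prints, so they can be compared with the server's own host key files. The function names are hypothetical, and the sample holds only the two entries that are complete on this page.

```python
import base64
import hashlib
import struct

# The two complete entries from the question; the ssh-rsa line is incomplete on the page.
SAMPLE = """\
# constructed comment line, ignored by the parser
odroid ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDnb0Xd02liZf5KJLuvmaQ/6Yo3Jsr4g427ly8AzmhjI
odroid ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPRjuYovCQ1dLKryILWs2YikUrtVGXNZMa6wMBSUd1JpLGQAo/KxE0Ib3nNEk43iWOB73e9cPWz0AdMeBTI1G8c=
"""

def read_string(blob, offset=0):
    """Read one SSH wire-format string: 4-byte big-endian length, then the bytes."""
    (length,) = struct.unpack_from(">I", blob, offset)
    start = offset + 4
    if start + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:start + length]

def parse_entry(line):
    """Return (hosts, key_type, fingerprint) for a known_hosts line, None for blanks/comments."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return None
    if fields[0].startswith("@"):  # optional @cert-authority / @revoked marker
        fields = fields[1:]
    if len(fields) < 3:
        raise ValueError("expected: hosts key-type base64-key")
    hosts, key_type, b64 = fields[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob repeats the algorithm name; a mismatch means a corrupted or edited entry.
    if read_string(blob).decode("ascii") != key_type:
        raise ValueError("declared key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return hosts, key_type, "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_keys(text):
    """Parse every entry in known_hosts text, skipping blanks and comments."""
    return [e for e in map(parse_entry, text.splitlines()) if e]

if __name__ == "__main__":
    for hosts, key_type, fingerprint in host_keys(SAMPLE):
        print(f"{hosts:10} {key_type:22} {fingerprint}")
```

On the server, `ssh-keygen -l -f /etc/ssh/ssh_host_ed25519_key.pub` (the default OpenSSH host key location) should print the same fingerprint as the matching entry.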