Skip to content
Connect

Managing Known Hosts

What is known_hosts file?

Section titled “What is known_hosts file?”

When you connect to a server for the first time using SFTP, the server presents its public key, and Connect tool asks, “Do you trust this server?” If you say yes, that key gets saved in the known_hosts file. The next time you connect, Connect tool checks that the server’s public key matches what’s saved in that file. If it doesn’t match—like in a case where the server has been reinstalled, or you’re being targeted in a man-in-the-middle attack. Connect tool will warn you about it. known_hosts file is located in the ~/.connect/ directory.

Checking known_hosts file - interactive mode

Section titled “Checking known_hosts file - interactive mode”

Connect checks the known_hosts file whenever you reach out to an SFTP endpoint.
In interactive mode, unknown or changed host keys trigger an inline prompt:

Terminal window
$ connect ls sftp://monitor01:password@10.0.0.24/
The key (SHA256:v/goXq57T++lsDmeYduLCRJEUzEqf9u9OybWiHt3VRc) of 10.0.0.24:22 is unknown. Do you want to add this key to known_hosts (y/n): y
Name        Size      ModTime
incoming/   -         2025-06-25T13:23:33Z

If the stored key differs from what the server presents, Connect highlights the mismatch and offers to update it:

Terminal window
$ connect ls sftp://monitor01:password@10.0.0.24/
The key (SHA256:v/goXq57T++lsDmeYduLCRJEUzEqf9u9OybWiHt3VRc) of 10.0.0.24:22 does not match the one in known_hosts. Do you want to update this key in known_hosts (y/n): y
Name        Size      ModTime
incoming/   -         2025-06-25T13:25:19Z

Checking known_hosts file - batch mode

Section titled “Checking known_hosts file - batch mode”

When you run commands with --batch, Connect never prompts—unknown keys cause an immediate failure:

Terminal window
$ connect copy --batch file1.zip sftp://monitor01:password@10.0.0.24/
2025/06/25 13:26:56 ERROR Failed to start SFTP session error=ssh: handshake failed: knownhosts: key is unknown file=file1.zip

Add the host key interactively (or pre-populate ~/.connect/known_hosts) before re-running an automated job:

Terminal window
$ connect ls sftp://monitor01:password@10.0.0.24/
The key (SHA256:v/goXq57T++lsDmeYduLCRJEUzEqf9u9OybWiHt3VRc) of 10.0.0.24:22 is unknown. Do you want to add this key to known_hosts (y/n): y