Comment 3 for bug 893400

Eric Hammond (esh) wrote : Re: cloud-init: Output machine usable public ssh host key (for known_hosts)

I've amended the original example to use "cat" instead of "cut" as it looks like the specific number of fields in the key may vary for some older formats (rsa1) and it removes the objection that I invented anything. I had been hoping to exclude the comment field, but agree it's not worth the effort/risk.

The man page for sshd(8) documents the format for /etc/ssh/ssh_known_hosts and ~/.ssh/known_hosts in the "SSH_KNOWN_HOSTS FILE FORMAT" section. It includes the paragraphs:

    Bits, exponent, and modulus are taken directly from the RSA host key;
    they can be obtained, for example, from /etc/ssh/ssh_host_key.pub. The
    optional comment field continues to the end of the line, and is not used.

and:

    [generate lines in known_hosts] by a script, ssh-keyscan(1) or by taking
    /etc/ssh/ssh_host_key.pub and adding the host names at the front.

I suppose you could copy the information out of these files using ssh-keygen, but it converts the key to a different format.

I lean towards copying the public key file directly because:

 - It's easier to find and manipulate single lines in the console output, instead of the multi-line output of ssh-keygen.

 - The public key file contains exactly the format that we will drop into known_hosts, instead of having to convert the output of ssh-keygen back into something usable. (I'm not even sure what tool you use to do that, though on experimentation it looks like it's a process of cutting out headers, reassembling lines and adding the appropriate keytype string.)
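As an added example written for this page (not cloud-init's code and not Eric's), here is a POSIX shell sketch of the "script" route that sshd(8) describes: prepend the host names to each public host key line, leaving the key line itself untouched. The sample key line (its base64 blob is a placeholder, not a real key), the host names and the function names are all constructed for illustration. A second function shows the comment-stripping variant and why "cut" with a fixed field count is unsafe for the old rsa1 layout.

```shell
#!/bin/sh
# Added example (not cloud-init's code and not from the bug thread): build
# ssh_known_hosts lines by prepending host names to a host's public key line,
# the "script" route that sshd(8) describes.
set -eu

# Constructed sample: the layout of a modern /etc/ssh/ssh_host_*.pub line
# (keytype, base64 blob, optional comment). The blob is a placeholder, not
# a real key.
SAMPLE_PUB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERnotARealKeyBlobXXXXXXXXXXXXXXX root@sample-host'

# known_hosts_line HOSTS PUBKEY_LINE
#   HOSTS: comma-separated names/addresses for the same host, e.g.
#          "host.example.com,203.0.113.10"
#   Copies the key line through untouched (comment included). Because no
#   field is parsed, this works for every key format, which is the reason
#   "cat" is the safe choice: the output is exactly what sshd expects.
known_hosts_line() {
    printf '%s %s\n' "$1" "$2"
}

# Variant that drops the comment field. It assumes the line has exactly two
# meaningful fields, which holds for "<keytype> <base64>" keys but NOT for the
# old rsa1 "<bits> <exponent> <modulus>" layout, where cutting to two fields
# silently discards the modulus and produces a useless known_hosts entry.
known_hosts_line_no_comment() {
    printf '%s %s\n' "$1" "$(printf '%s\n' "$2" | cut -d' ' -f1-2)"
}

# known_hosts_from_files HOSTS FILE...
#   Emits one known_hosts line per key line in each file, skipping blank
#   lines and '#' comments, so several host key types can be joined at once
#   (e.g. known_hosts_from_files "$hosts" /etc/ssh/ssh_host_*.pub).
known_hosts_from_files() {
    hosts=$1
    shift
    cat "$@" | while IFS= read -r line; do
        case $line in
            ''|'#'*) continue ;;
        esac
        known_hosts_line "$hosts" "$line"
    done
}

# Stand-alone demo on the constructed sample.
known_hosts_line "host.example.com,203.0.113.10" "$SAMPLE_PUB"
```

On a real instance the console output would carry the result of known_hosts_from_files over /etc/ssh/ssh_host_*.pub; the client side then needs nothing more than appending those lines to ~/.ssh/known_hosts.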