The known_hosts file lets the client authenticate the server, so that it can check that it isn't connecting to an impersonator. The authorized_keys file lets the server authenticate the user.
One of the first things that happens when the SSH connection is being established is that the server sends its public key to the client and proves, by signing with the associated private key, that it holds that key. This authenticates the server in a narrow sense: if this part of the protocol succeeds, the client knows it is talking to whoever holds the private key matching the presented public key. Whether that key belongs to the server the client meant to reach is a separate question, answered by the next step.
The client may check that the server is a known one, and not some rogue server trying to pass itself off as the right one. SSH provides only a simple mechanism to verify the server's legitimacy: it remembers servers you've already connected to, in the ~/.ssh/known_hosts file on the client machine (there's also a system-wide file, /etc/ssh/known_hosts). The first time you connect to a server, you need to check by some other means that the public key presented by the server is really the public key of the server you wanted to connect to: ssh prints the key's fingerprint and asks you to confirm it, and that fingerprint should be compared with one obtained from the server's administrator or read off the server's host key file directly, not simply accepted. If you already have the public key of the server you're about to connect to, you can add it to ~/.ssh/known_hosts on the client manually. On later connections, a key that differs from the stored one is reported as a possible man-in-the-middle attack, and by default the connection is refused.
By the way, known_hosts can contain any type of public key supported by the SSH implementation, not just DSA: RSA and ECDSA as well, and in current OpenSSH also Ed25519 (DSA itself has been disabled by default since OpenSSH 7.0).
Authenticating the server has to be done before you send any confidential data to it. In particular, if the user authentication involves a password, the password must not be sent to an unauthenticated server.
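As an added example (not code from the original answer), here is the client-side check described above written out in Python: it parses a constructed known_hosts file containing a plain entry and a hashed entry (the `|1|salt|hash` form OpenSSH writes when HashKnownHosts is enabled), finds the entries for the host being contacted, and classifies the key the server presented as trusted, unknown or a mismatch. The key blobs, hostnames, addresses and salt are all constructed for the example; the 32-byte values stand in for real Ed25519 public keys, and the fingerprint is computed the way ssh and `ssh-keygen -l` print it.

```python
"""Client-side host key verification against known_hosts.

Added example, not code from the original answer.  All key material,
hostnames, addresses and the salt below are constructed for illustration.
"""
import base64
import hashlib
import hmac
import struct


def ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b


def fingerprint(blob_b64: str) -> str:
    """Fingerprint in the form ssh and `ssh-keygen -l` print:
    'SHA256:' followed by unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Host field as written with HashKnownHosts=yes:
    '|1|' + base64(salt) + '|' + base64(HMAC-SHA1(key=salt, msg=hostname))."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(hosts_field: str, hostname: str) -> bool:
    """Whether an entry's host field covers `hostname`.  Plain fields list
    names and addresses separated by commas (a non-default port appears as
    '[host]:port'); a hashed field covers exactly one host."""
    if hosts_field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = hosts_field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return hostname in hosts_field.split(",")


def lookup(known_hosts_text: str, hostname: str) -> list:
    """(keytype, base64 blob) for every entry naming `hostname`.
    Marker lines (@cert-authority, @revoked) are outside this example."""
    found = []
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0][0] in "#@":
            continue
        hosts_field, keytype, blob_b64 = parts[:3]
        if host_matches(hosts_field, hostname):
            found.append((keytype, blob_b64))
    return found


def verify_server(known_hosts_text: str, hostname: str, keytype: str, blob_b64: str) -> str:
    """What the client should conclude about the key the server presented:
    'trusted'  - identical to a stored key for this host
    'unknown'  - no stored key of this type; compare the fingerprint with one
                 obtained out of band before sending anything confidential
    'mismatch' - a stored key of this type exists but differs; possible
                 impersonation, abort"""
    presented = base64.b64decode(blob_b64)
    stored = [base64.b64decode(b) for t, b in lookup(known_hosts_text, hostname) if t == keytype]
    if not stored:
        return "unknown"
    if any(hmac.compare_digest(s, presented) for s in stored):
        return "trusted"
    return "mismatch"


def ed25519_blob_b64(pub32: bytes) -> str:
    """Constructed key blob: fixed 32 bytes stand in for a real Ed25519 public
    key; the wire encoding is string("ssh-ed25519") || string(key)."""
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(pub32)).decode()


GOOD_B64 = ed25519_blob_b64(bytes(range(32)))
ROGUE_B64 = ed25519_blob_b64(bytes(range(32, 64)))

# Constructed ~/.ssh/known_hosts: a plain entry with two names for one host,
# and a hashed entry for another host that happens to use the same key.
KNOWN_HOSTS = "\n".join([
    "# constructed sample file",
    "bastion.example.org,203.0.113.10 ssh-ed25519 " + GOOD_B64,
    hash_hostname("db.example.org", b"0123456789abcdef0123") + " ssh-ed25519 " + GOOD_B64,
])

if __name__ == "__main__":
    for host, key in [("bastion.example.org", GOOD_B64), ("db.example.org", ROGUE_B64),
                      ("evil.example.org", GOOD_B64)]:
        print(host, fingerprint(key), verify_server(KNOWN_HOSTS, host, "ssh-ed25519", key))
```

The "unknown" result is the first-connection case from the text: the only defence there is comparing the printed fingerprint with a copy obtained out of band before any password is typed. The "mismatch" result is what ssh reports as a possible man-in-the-middle attack.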
The server only lets a remote user log in if that user can prove that they have the right to access that account. Depending on the server's configuration and the user's choice, the user may present one of several forms of credentials (the list below is not exhaustive).
- A password.
- A public key: the client proves that it holds the matching private key, and the public key must be one the account has accepted (listed in ~/.ssh/authorized_keys on the server).

[Repost] What is the difference between authorized_keys and known_hosts file for SSH?
Original: https://www.cnblogs.com/liawne/p/9269733.html
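The server-side counterpart, as an added example that is not part of the reposted answer: a matcher for ~/.ssh/authorized_keys lines that handles the optional options field (including quoted values that contain commas and spaces, such as command="..."), compares the presented key with each entry, and enforces a from= restriction against the client's source address. The keys, addresses and file contents are constructed for the example. Not covered: backslash escapes inside quoted option values, cert-authority entries, and matching from= against the client's resolved hostname (only the address is checked here).

```python
"""Server-side lookup of a presented public key in authorized_keys.
Added example, not code from the original answer; keys, addresses and
the file contents below are constructed."""
import base64
import binascii
import fnmatch
import hmac
import struct

KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def ssh_string(b: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(b)) + b


def split_options(field: str) -> dict:
    """'from="10.0.0.*,!10.0.0.99",command="x y",no-pty' ->
    {'from': '10.0.0.*,!10.0.0.99', 'command': 'x y', 'no-pty': True}.
    Commas inside double quotes do not separate options."""
    opts, cur, in_quotes = {}, [], False
    for ch in field + ",":
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "," and not in_quotes:
            token = "".join(cur).strip()
            cur = []
            if token:
                name, _, value = token.partition("=")
                opts[name] = value.strip('"') if value else True
            continue
        cur.append(ch)
    return opts


def parse_line(line: str):
    """Split one authorized_keys line into options, key type, blob, comment.
    Like sshd, treat the line as starting with options only when its first
    word is not a key type; the options end at the first whitespace that is
    outside double quotes."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    if line.split(None, 1)[0].startswith(KEY_TYPE_PREFIXES):
        options_field, rest = "", line
    else:
        in_quotes = False
        for i, ch in enumerate(line):
            if ch == '"':
                in_quotes = not in_quotes
            elif ch in " \t" and not in_quotes:
                break
        else:
            return None  # options with no key after them
        options_field, rest = line[:i], line[i:].strip()
    parts = rest.split(None, 2)
    if len(parts) < 2:
        return None
    return {"options": split_options(options_field), "keytype": parts[0],
            "blob": parts[1], "comment": parts[2] if len(parts) == 3 else ""}


def pattern_list_allows(pattern_list: str, value: str) -> bool:
    """OpenSSH pattern-list semantics for from=: '*' and '?' wildcards,
    comma separated, '!' negates.  A matching negated pattern denies
    outright; otherwise any matching positive pattern allows."""
    allowed = False
    for pat in pattern_list.split(","):
        if pat.startswith("!"):
            if fnmatch.fnmatchcase(value, pat[1:]):
                return False
        elif fnmatch.fnmatchcase(value, pat):
            allowed = True
    return allowed


def authorize(authorized_keys_text: str, keytype: str, blob_b64: str, source_addr: str):
    """Return the matching entry (options, comment) if the presented key is
    authorized for a client at `source_addr`, else None.  An entry whose
    from= list rejects the address is treated as no match."""
    presented = base64.b64decode(blob_b64)
    for line in authorized_keys_text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["keytype"] != keytype:
            continue
        try:
            stored = base64.b64decode(entry["blob"], validate=True)
        except binascii.Error:
            continue
        if not hmac.compare_digest(stored, presented):
            continue
        allowed_from = entry["options"].get("from")
        if isinstance(allowed_from, str) and not pattern_list_allows(allowed_from, source_addr):
            continue
        return entry
    return None


def ed25519_blob_b64(pub32: bytes) -> str:
    """Constructed blob: 32 fixed bytes stand in for a real Ed25519 public key."""
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(pub32)).decode()


ALICE_B64 = ed25519_blob_b64(bytes(range(32)))
BACKUP_B64 = ed25519_blob_b64(bytes(range(32, 64)))
STRANGER_B64 = ed25519_blob_b64(bytes(range(64, 96)))

# Constructed ~/.ssh/authorized_keys: an unrestricted key and a key that may
# only run one command, from one subnet, with one address excluded.
AUTHORIZED_KEYS = "\n".join([
    "# constructed sample file",
    "ssh-ed25519 " + ALICE_B64 + " alice@laptop",
    'from="10.0.0.*,!10.0.0.99",command="/usr/bin/backup run",no-pty ssh-ed25519 '
    + BACKUP_B64 + " backup job",
])
```

Calling `authorize(AUTHORIZED_KEYS, "ssh-ed25519", BACKUP_B64, "10.0.0.5")` returns the restricted entry with its parsed options; the same key from 10.0.0.99 or from outside the subnet, and any key not listed in the file, yields None.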