I have this strange situation with host-key checking. `ssh -v github.com`:

  • works with "OpenSSH_7.9p1, LibreSSL 2.7.3" on MacOS Mojave (10.14.5 (18F132)):
    debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
    debug1: Host 'github.com' is known and matches the RSA host key.
    debug1: Found key in /Users/dominik/.ssh/known_hosts:1
    
    I then get asked for the passphrase.
  • does not work with "OpenSSH_7.9p1 Debian-10, OpenSSL 1.1.1c 28 May 2019" on Docker image debian:buster-20190708:
    debug1: Server host key: ssh-rsa SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8
    The authenticity of host 'github.com (140.82.118.4)' can't be established.
    RSA key fingerprint is SHA256:nThbg6kXUpJWGl7E1IGOCspRomTxdCARLviKw6E5SY8.
    Are you sure you want to continue connecting (yes/no)?
    

My ~/.ssh/known_hosts file:

github.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==

The Docker command I used is: `docker run --rm -it -v ~/.ssh/:/root/.ssh/ debian:buster-20190708 sh -c 'apt-get update && apt-get install -y ssh && ssh -v github.com'`

Dominik
  • I don't see a problem? Just run the command: `ssh-keyscan -H github.com >> ~/.ssh/known_hosts` on your debian machine. – notStan Aug 02 '19 at 18:54
  • @notStan I want to use the `known_hosts` from my host machine as I've already checked that host's fingerprint. That's why I've included it in the Docker container `-v ~/.ssh/:/root/.ssh/`. Does that work for you? – Dominik Aug 05 '19 at 14:06
  • @notStan Thanks for your hint. I've found the answer now. – Dominik Aug 05 '19 at 14:24

1 Answer

I've found the answer:

Run `ssh-keyscan -H`, as @notStan mentioned in his comment, on the host machine. It hashes all hostnames in `known_hosts` (the original is backed up in `known_hosts.old`).

Debian's default OpenSSH config in `/etc/ssh/ssh_config` sets the option `HashKnownHosts yes`. It then seems to not read unhashed hostnames, in this case `github.com`.

Dominik
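For auditing a shared `known_hosts` file like the one mounted into the container above, this added example (not part of the original question or answer) shows how a hostname is compared against both plain and hashed (`|1|salt|hash`) entries and how the `SHA256:` fingerprint printed by `ssh -v` is derived from the key field. The key blob, salt and sample file are constructed for the example; wildcard, negation and `[host]:port` patterns are not handled.

```python
import base64, hashlib, hmac

def hash_host(host: str, salt: bytes) -> str:
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_field_matches(field: str, host: str) -> bool:
    """True if the first column of a known_hosts line names `host`."""
    if field.startswith("|1|"):
        parts = field.split("|")          # ['', '1', salt, mac]
        if len(parts) != 4:
            return False                  # malformed hashed entry
        salt, expected = base64.b64decode(parts[2]), base64.b64decode(parts[3])
        actual = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    return host in field.split(",")       # plain entry: comma-separated names

def fingerprint(key_b64: str) -> str:
    """SHA256 fingerprint in the unpadded base64 form that ssh prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def lookup(known_hosts_text: str, host: str):
    """Return (line_no, key_type, fingerprint) for every entry matching host."""
    hits = []
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(parts) < 3 or line.lstrip().startswith(("#", "@")):
            continue
        if host_field_matches(parts[0], host):
            hits.append((n, parts[1], fingerprint(parts[2])))
    return hits

# Constructed sample data: not a real host key.
KEY_B64 = base64.b64encode(b"constructed-key-blob").decode()
SALT = bytes(range(20))
SAMPLE = "\n".join([
    "# constructed sample known_hosts",
    "github.com,192.0.2.10 ssh-rsa " + KEY_B64,
    hash_host("github.com", SALT) + " ssh-rsa " + KEY_B64,
    hash_host("example.org", SALT) + " ssh-rsa " + KEY_B64,
])

if __name__ == "__main__":
    for hit in lookup(SAMPLE, "github.com"):
        print(hit)
```

Compare the fingerprint returned for a matching line with the one shown in the `ssh -v` output before trusting the entry.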