diff --git a/docs/libssh2_knownhost_check.3 b/docs/libssh2_knownhost_check.3
index 6a3143d..5d2643f 100644
--- a/docs/libssh2_knownhost_check.3
+++ b/docs/libssh2_knownhost_check.3
@@ -10,7 +10,7 @@ libssh2_knownhost_check - check a host+key against the list of known hosts
 int libssh2_knownhost_check(LIBSSH2_KNOWNHOSTS *hosts,
                             char *host, char *key, size_t keylen,
                             int typemask,
-                            struct libssh2_knownhost *knownhost);
+                            struct libssh2_knownhost **knownhost);
 .SH DESCRIPTION
 Checks a host and its associated key against the collection of known hosts,
 and returns info back about the (partially) matched entry.
@@ -34,8 +34,8 @@ The key is encoded using one of the following encodings:
 LIBSSH2_KNOWNHOST_KEYENC_RAW or LIBSSH2_KNOWNHOST_KEYENC_BASE64.
 
 \fIknownhost\fP if set to non-NULL, it must be a pointer to a 'struct
-libssh2_knownhost' which gets filled in with info about a match or a partial
-match.
+libssh2_knownhost' pointer that gets filled in to point to info about a known
+host that matches or partially matches.
 .SH RETURN VALUE
 \fIlibssh2_knownhost_check(3)\fP returns info about how well the provided
 host + key pair matched one of the entries in the list of known hosts.
diff --git a/docs/libssh2_knownhost_get.3 b/docs/libssh2_knownhost_get.3
index 90b8c09..d725f8d 100644
--- a/docs/libssh2_knownhost_get.3
+++ b/docs/libssh2_knownhost_get.3
@@ -8,14 +8,14 @@ libssh2_knownhost_get - get a known host off the collection of known hosts
 #include <libssh2.h>
 
 int libssh2_knownhost_get(LIBSSH2_KNOWNHOSTS *hosts,
-                          struct libssh2_knownhost *store,
+                          struct libssh2_knownhost **store,
                           struct libssh2_knownhost *prev):
 .SH DESCRIPTION
 \fIlibssh2_knownhost_get(3)\fP allows an application to iterate over all known
 hosts in the collection.
 
-\fIstore\fP should point to a memory area allocated to fit a struct stored by
-this function.
+\fIstore\fP should point to a pointer that gets filled in to point to the
+known host data.
 
 \fIprev\fP is a pointer to a previous 'struct libssh2_knownhost' as returned
 by a previous invoke of this function, or NULL to get the first entry in the
diff --git a/include/libssh2.h b/include/libssh2.h
index 3fab2a3..2d12c7b 100644
--- a/include/libssh2.h
+++ b/include/libssh2.h
@@ -758,7 +758,7 @@ LIBSSH2_API int
 libssh2_knownhost_check(LIBSSH2_KNOWNHOSTS *hosts,
                         char *host, char *key, size_t keylen,
                         int typemask,
-                        struct libssh2_knownhost *knownhost);
+                        struct libssh2_knownhost **knownhost);
 
 /*
  * libssh2_knownhost_del
@@ -855,7 +855,7 @@ libssh2_knownhost_writefile(LIBSSH2_KNOWNHOSTS *hosts,
  */
 LIBSSH2_API int
 libssh2_knownhost_get(LIBSSH2_KNOWNHOSTS *hosts,
-                      struct libssh2_knownhost *store,
+                      struct libssh2_knownhost **store,
                       struct libssh2_knownhost *prev);
 
 /* NOTE NOTE NOTE
diff --git a/src/knownhost.c b/src/knownhost.c
index 60ae77c..d38132b 100644
--- a/src/knownhost.c
+++ b/src/knownhost.c
@@ -40,6 +40,26 @@
 #include "libssh2_priv.h"
 #include "misc.h"
 
+struct known_host {
+    struct list_node node;
+    char *name;      /* points to the name or the hash (allocated) */
+    size_t name_len; /* needed for hashed data */
+    int typemask;    /* plain, sha1, custom, ... */
+    char *salt;      /* points to binary salt (allocated) */
+    size_t salt_len; /* size of salt */
+    char *key;       /* the (allocated) associated key. This is kept base64
+                        encoded in memory. */
+
+    /* this is the struct we expose externally */
+    struct libssh2_knownhost external;
+};
+
+struct _LIBSSH2_KNOWNHOSTS
+{
+    LIBSSH2_SESSION *session;  /* the session this "belongs to" */
+    struct list_head head;
+};
+
 static void free_host(LIBSSH2_SESSION *session, struct known_host *entry)
 {
     if(entry) {
@@ -183,17 +203,18 @@ libssh2_knownhost_add(LIBSSH2_KNOWNHOSTS *hosts,
  * Copies data from the internal to the external representation struct.
  *
  */
-static void knownhost_to_external(struct known_host *node,
-                                  struct libssh2_knownhost *ext)
+static struct libssh2_knownhost *knownhost_to_external(struct known_host *node)
 {
-    if(ext) {
-        ext->magic = KNOWNHOST_MAGIC;
-        ext->node = node;
-        ext->name = ((node->typemask & LIBSSH2_KNOWNHOST_TYPE_MASK) ==
-                     LIBSSH2_KNOWNHOST_TYPE_PLAIN)? node->name:NULL;
-        ext->key = node->key;
-        ext->typemask = node->typemask;
-    }
+    struct libssh2_knownhost *ext = &node->external;
+
+    ext->magic = KNOWNHOST_MAGIC;
+    ext->node = node;
+    ext->name = ((node->typemask & LIBSSH2_KNOWNHOST_TYPE_MASK) ==
+                 LIBSSH2_KNOWNHOST_TYPE_PLAIN)? node->name:NULL;
+    ext->key = node->key;
+    ext->typemask = node->typemask;
+
+    return ext;
 }
 
 /*
@@ -218,7 +239,7 @@ LIBSSH2_API int
 libssh2_knownhost_check(LIBSSH2_KNOWNHOSTS *hosts,
                         char *host, char *key, size_t keylen,
                         int typemask,
-                        struct libssh2_knownhost *knownhost)
+                        struct libssh2_knownhost **ext)
 {
     struct known_host *node = _libssh2_list_first(&hosts->head);
     struct known_host *badkey = NULL;
@@ -283,7 +304,7 @@ libssh2_knownhost_check(LIBSSH2_KNOWNHOSTS *hosts,
             /* host name match, now compare the keys */
             if(!strcmp(key, node->key)) {
                 /* they match! */
-                knownhost_to_external(node, knownhost);
+                *ext = knownhost_to_external(node);
                 badkey = NULL;
                 rc = LIBSSH2_KNOWNHOST_CHECK_MATCH;
                 break;
@@ -300,7 +321,7 @@ libssh2_knownhost_check(LIBSSH2_KNOWNHOSTS *hosts,
 
     if(badkey) {
         /* key mismatch */
-        knownhost_to_external(badkey, knownhost);
+        *ext = knownhost_to_external(badkey);
         rc = LIBSSH2_KNOWNHOST_CHECK_MISMATCH;
     }
 
@@ -787,7 +808,7 @@ libssh2_knownhost_writefile(LIBSSH2_KNOWNHOSTS *hosts,
  */
 LIBSSH2_API int
 libssh2_knownhost_get(LIBSSH2_KNOWNHOSTS *hosts,
-                      struct libssh2_knownhost *store,
+                      struct libssh2_knownhost **ext,
                       struct libssh2_knownhost *oprev)
 {
     struct known_host *node;
@@ -806,7 +827,7 @@ libssh2_knownhost_get(LIBSSH2_KNOWNHOSTS *hosts,
         /* no (more) node */
         return 1;
 
-    knownhost_to_external(node, store);
+    *ext = knownhost_to_external(node);
 
     return 0;
 }
diff --git a/src/libssh2_priv.h b/src/libssh2_priv.h
index 5920a47..4e2b08e 100644
--- a/src/libssh2_priv.h
+++ b/src/libssh2_priv.h
@@ -940,24 +940,6 @@ struct list_node {
 
 /* --------- */
 
-struct known_host {
-    struct list_node node;
-    char *name;      /* points to the name or the hash (allocated) */
-    size_t name_len; /* needed for hashed data */
-    int typemask;    /* plain, sha1, custom, ... */
-    char *salt;      /* points to binary salt (allocated) */
-    size_t salt_len; /* size of salt */
-    char *key;       /* the (allocated) associated key. This is kept base64
-                        encoded in memory. */
-};
-
-struct _LIBSSH2_KNOWNHOSTS
-{
-    LIBSSH2_SESSION *session;  /* the session this "belongs to" */
-    struct list_head head;
-};
-
-
 /* libssh2 extensible ssh api, ultimately I'd like to allow loading additional
    methods via .so/.dll */