Aaron Griffin schrieb:
On Tue, May 20, 2008 at 2:05 PM, David Rosenstrauch <darose@xxxxxxxxxx> wrote:Problem is, though, since Arch recently turned on HashKnownHosts by default in ssh_config, those 2 lines in the known_hosts file are encrypted, and so I don't know which host machines that I've been ssh'ing into are affected by the problem.I think the whole point is that they *are* one way hashes. The only think I can think of is to find the algorithm they use (sha1?) and hash the hostnames that you know, then compare.
I didn't find out about this change until much later - and it pissed me off. For no apparent reason, we changed the default configuration of openssh at one point and now I have an obfuscated known_hosts file. I don't see any security impact in having the hosts unhashed.
Attachment:
signature.asc
Description: OpenPGP digital signature
