On Tue, Jun 16, 2009 at 11:46 PM, prad<prad@xxxxxxxxxxxxxxxxxx> wrote: > On Tue, 16 Jun 2009 19:49:24 -0500 > Dan McGee <dpmcgee@xxxxxxxxx> wrote: > >> which also autocomplete >> without having to remove the "security" of host name hashing >> > dan, > i tried that too last night, but forgot to wipeout the known_hosts file. > > what exactly is the benefit of host name hashing? is it to prevent > other users from knowing what's in known_hosts as far as names of the > other computers go? > > even if they do know, what can they do without having an account? > > or is my reasoning too simplistic? Knowing your known_hosts, if someone hacks one account they, in essence, hack all of them - assuming you have ssh keys setup (or use the same password everywhere), they now have a list of where your key works
