sshd hack




On Sat, 2006-03-11 at 09:32 -0800, Bruno S. Delbono wrote:

> Not only that, but newer versions of SSH allow you to encrypt your 
> known_hosts file. From Damien Miller's Post:
> 
> Added the ability to store hostnames added to ~/.ssh/known_hosts in a 
> hashed format. This is a privacy feature that prevents a local attacker 
> from learning other hosts that a user has accounts on from their 
> known_hosts file.
> 

Interesting option.  How do you sort out the problem when the remote
host key changes (such as reloading the OS) and you need to delete the
entry in the known_hosts file so ssh will work again with that system?

I understand the purpose of the option, just not sure how it would work
when such changes occur.  Deleting the entire known_hosts file would not
be a good option IMHO.

And how secure does this make the known_hosts file?  Is it a simple hash
that can be obtained from the source?  
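
An added example, not part of the original message and not OpenSSH's own code: a hashed known_hosts host field has the form `|1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))`, so the entry for a hostname you already know can be found and dropped by recomputing the HMAC with each line's salt, which is what `ssh-keygen -R hostname` does against the real file. The hostnames, addresses, salts and key strings below are constructed.

```python
import base64
import hashlib
import hmac


def hash_host(hostname, salt):
    """Hashed host field: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def line_matches(line, hostname):
    """True if a known_hosts line (hashed or plain) is an entry for hostname."""
    fields = line.split()
    if fields and fields[0].startswith("@"):      # @cert-authority / @revoked marker
        fields = fields[1:]
    if not fields or fields[0].startswith("#"):   # blank line or comment
        return False
    host_field = fields[0]
    if not host_field.startswith("|1|"):
        return hostname in host_field.split(",")  # plain entry, exact names only
    try:
        _, _, salt_b64, mac_b64 = host_field.split("|")
        salt, stored = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
    except ValueError:                            # malformed hashed field
        return False
    candidate = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(candidate, stored)


def remove_host(lines, hostname):
    """Return the lines with every entry for hostname dropped."""
    return [l for l in lines if not line_matches(l, hostname)]


# Constructed sample file: fixed salts and placeholder key strings.
# A host's name and its address are separate hashed entries, each with its own salt.
SAMPLE = [
    hash_host("db1.example.test", b"\x01" * 20) + " ssh-ed25519 CONSTRUCTED-KEY-A",
    hash_host("192.0.2.10", b"\x02" * 20) + " ssh-ed25519 CONSTRUCTED-KEY-A",
    hash_host("web1.example.test", b"\x03" * 20) + " ssh-rsa CONSTRUCTED-KEY-B",
    "plain.example.test,192.0.2.20 ssh-rsa CONSTRUCTED-KEY-C",
]

if __name__ == "__main__":
    for entry in remove_host(SAMPLE, "db1.example.test"):
        print(entry)
```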



