On Tue, Aug 10, 2010 at 09:07:21AM -0600, Stephen John Smoogen wrote: > On Sun, Aug 8, 2010 at 14:04, Matt McCutchen <matt@xxxxxxxxxxxxxxxxx> wrote: > > On Thu, 2010-08-05 at 22:23 +0200, Till Maas wrote: > >> Yes ssh is secure if used properly. To get the proper known_hosts entry, > >> one has to download https://admin.fedoraproject.org/ssh_known_hosts btw. > > > > I'm very glad to see that Fedora provides such a list. I just installed > > it on my computer (after filtering out hostnames not ending with > > fedoraproject.org, for obvious reasons). > > > > Is it documented anywhere? For full security, every packager should > > install it rather than allowing ssh to add host keys on first use. > > Well I am not sure that file would be all that useful as it contains > lots of hosts a packager would not get to AND could conflict with > other networks as it contains a lot of 10.X.X. and 192.X.X. ips. It > also gets updated from time to time as we rebuild hosts. I cleaned up my tools to manage the fedora ssh known hosts file and copied it to fedorapeople.org: http://till.fedorapeople.org/files/fedora-ssh-known-hosts/ It allows to easily update the file and to filter out unwanted entries. Regards Till
Attachment:
pgpmSa29LZF7A.pgp
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
