On 06/01/2022 06:08, Nico Kadel-Garcia wrote:
On Wed, Jan 5, 2022 at 10:38 AM Jochen Bern<Jochen.Bern@xxxxxxxxx> wrote:
The hashing is meant to obscure info about what host it matches, so the
relevant failure mode is if the hash algo would become*reversible*.
And normally, it's the opposite of helpful. The known_hosts is useful
for casual review and for tuning .ssh/config as desired for more
specific uses, and the hashing obscures the commonly used SSH targets.
I agree. I find HashKnownHosts annoying, and I always turn it off when I
remember to do so. Typically this happens when I need to trim some
entries from known_hosts, and then I find it has been hashing it up to
the current point in time.
Of course, I shouldn't have to turn it off, because the default is
'no', I guess many distros set 'HashKnownHosts yes' in
/etc/ssh/ssh_config because they want to be seen to choose the "secure"
option by default. However the threat model seems pretty pointless to
me. If an attacker has access to my account to the level that they can
read my known_hosts file, then I have far worse problems than them
seeing a list of hostnames, which they can obtain in many other ways.
Should I care about other system users reading this info, there's always
chmod 700 (on the .ssh directory, or my whole home directory). If
known_hosts itself were created mode 600 by default, I wouldn't object.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
