Gentoo Archives: gentoo-security

From: Thomas Schweikle <tps@××××××.de>
To: gentoo-security@l.g.o
Subject: [gentoo-security] Re: ssh - upgrade to v4 - hash known_hosts file
Date: Sat, 06 Aug 2005 19:07:07
Message-Id: 1123347088.831256@hazel
antoine schrieb:
> On Tue, 2005-05-17 at 12:42 -0400, James Larkby-Lahet wrote:
>>
>> *However*
>>
>> SSH version 4 and higher contain an option to hash the known_hosts
>> database. Here's what the ssh config documentation has to say about
>> this:
>>
>> I, for one, have frequently had to edit known_hosts manually.
>> Experimental box dies, you reformat, new keys are generated, and then
>> ssh flips its lid, which _is_ a feature. But, then I have to remove
>> the offending line, and if the hostnames are hashed how am I to do
>> that?
> ssh tells you on which line the offending key is, that's how I delete
> them - it is easier than looking for the hostname.
Yes, but what about having various lines all referring to the same host? There is no way to have it done fast, once, by deleting *all* referring lines, since there is no way to find out what other lines match this particular host. Such a scenario is common in dhcp environments where you are connecting to hosts changing their IP with the next boot.

-- Thomas

-- 
gentoo-security@g.o mailing list
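For readers following the thread: a hashed known_hosts line stores the host name as `|1|<base64 salt>|<base64 HMAC-SHA1(salt, name)>`, so the name cannot be read back from the file, but any name you already know can be re-hashed with each line's own salt and compared, which is what `ssh-keygen -F host` (find) and `ssh-keygen -R host` (remove) do. The script below is an added illustration, not code from the list post or from OpenSSH; the known_hosts contents, host names and key strings in it are constructed samples. It also shows matching lines by key blob, which is the only way to group entries for one host reached under changing DHCP addresses.

```python
import base64
import hashlib
import hmac
import os

# Hashed known_hosts host field (OpenSSH HashKnownHosts):
#   |1|<base64 salt>|<base64 HMAC-SHA1(key=salt, msg=hostname)> <keytype> <key> [comment]
HASH_MAGIC = "|1|"


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Return the hashed host field OpenSSH would write for hostname with this salt."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return HASH_MAGIC + base64.b64encode(salt).decode() + "|" + base64.b64encode(digest).decode()


def entry_matches_host(entry: str, hostname: str) -> bool:
    """True if the host field of one known_hosts line names hostname, hashed or plain."""
    hostfield = entry.split(None, 1)[0]
    if not hostfield.startswith(HASH_MAGIC):
        # Plain entries may list several names: "hazel,192.168.1.5"
        return hostname in hostfield.split(",")
    _, _, salt_b64, _digest_b64 = hostfield.split("|")
    salt = base64.b64decode(salt_b64)
    # Recompute with the line's own salt; a constant-time compare avoids timing leaks
    return hmac.compare_digest(hash_hostname(hostname, salt), hostfield)


def find_host_lines(known_hosts: str, hostname: str) -> list:
    """1-based line numbers whose host field matches hostname (what ssh-keygen -F reports)."""
    return [n for n, line in enumerate(known_hosts.splitlines(), 1)
            if line.strip() and not line.startswith("#") and entry_matches_host(line, hostname)]


def find_key_lines(known_hosts: str, pubkey: str) -> list:
    """1-based line numbers carrying the same public key, whatever name or address they were stored under."""
    return [n for n, line in enumerate(known_hosts.splitlines(), 1)
            if line.split()[2:3] == [pubkey]]


# Constructed sample file (not real keys): "hazel" stored twice with different random
# salts, so the two host fields look unrelated, plus the same key under a DHCP address.
KEY_A = "AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructedKeyA"
KEY_B = "AAAAB3NzaC1yc2EAAAADAQABAAAAgQCconstructedKeyB"
SAMPLE_KNOWN_HOSTS = "\n".join([
    hash_hostname("hazel", os.urandom(20)) + " ssh-rsa " + KEY_A,
    hash_hostname("mirror.example", os.urandom(20)) + " ssh-rsa " + KEY_B,
    hash_hostname("hazel", os.urandom(20)) + " ssh-rsa " + KEY_A,
    hash_hostname("192.168.1.50", os.urandom(20)) + " ssh-rsa " + KEY_A,
])

if __name__ == "__main__":
    print("lines for hazel:", find_host_lines(SAMPLE_KNOWN_HOSTS, "hazel"))
    print("lines with key A:", find_key_lines(SAMPLE_KNOWN_HOSTS, KEY_A))
```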