[CentOS] sshd hack
Scot L. Harris
webid at cfl.rr.com
Sat Mar 11 18:13:56 UTC 2006
On Sat, 2006-03-11 at 09:32 -0800, Bruno S. Delbono wrote:
> Not only that, but newer versions of SSH allow you to encrypt your
> known_hosts file. From Damien Miller's Post:
>
> Added the ability to store hostnames added to ~/.ssh/known_hosts in a
> hashed format. This is a privacy feature that prevents a local attacker
> from learning other hosts that a user has accounts on from their
> known_hosts file.
>
Interesting option. How do you sort out the problem when the remote
host key changes (such as reloading the OS) and you need to delete the
entry in the known_hosts file so ssh will work again with that system?
I understand the purpose of the option, just not sure how it would work
when such changes occur. Deleting the entire known_hosts file would not
be a good option IMHO.
And how secure does this make the known_hosts file? Is it a simple hash
that can be obtained from the source?
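An added example, not part of the original message or of OpenSSH's code: a hashed known_hosts host field has the form `|1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))`, so a hostname you already know can be tested against each line and its entry removed without deleting the whole file, which is what `ssh-keygen -R hostname` does. The hostnames, salts and key blobs below are constructed, and only exact names are matched (no wildcards or `[host]:port` forms).

```python
import base64
import hashlib
import hmac


def hash_host(host: str, salt: bytes) -> str:
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(digest).decode())


def entry_matches(host_field: str, host: str) -> bool:
    """True if the host field of a known_hosts line refers to `host`."""
    if host_field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = host_field.split("|")
            salt = base64.b64decode(salt_b64, validate=True)
            mac = base64.b64decode(mac_b64, validate=True)
        except ValueError:          # malformed field: treat as no match
            return False
        expected = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, mac)
    return host in host_field.split(",")   # unhashed: comma-separated names


def remove_host(lines, host):
    """Return (kept_lines, removed_count), dropping only entries for `host`."""
    kept, removed = [], 0
    for line in lines:
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            kept.append(line)       # keep blank lines and comments
            continue
        # Lines with a marker such as @revoked carry the host in field 2.
        marked = fields[0].startswith("@") and len(fields) > 1
        if entry_matches(fields[1] if marked else fields[0], host):
            removed += 1
        else:
            kept.append(line)
    return kept, removed


# Constructed sample file; real salts are random, these are fixed 20-byte strings.
SAMPLE = [
    "# constructed sample known_hosts",
    hash_host("web1.example.org", b"constructed-salt-001") + " ssh-rsa AAAA_CONSTRUCTED_KEY_1",
    hash_host("db1.example.org", b"constructed-salt-002") + " ssh-rsa AAAA_CONSTRUCTED_KEY_2",
    "build.example.org,192.0.2.10 ssh-rsa AAAA_CONSTRUCTED_KEY_3",
]

if __name__ == "__main__":
    kept, removed = remove_host(SAMPLE, "web1.example.org")
    print(removed, "entry removed;", len(kept), "lines kept")
```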