On Sat, 2006-03-11 at 09:32 -0800, Bruno S. Delbono wrote:
> Not only that, but newer versions of SSH allow you to encrypt your known_hosts file. From Damien Miller's Post:
> Added the ability to store hostnames added to ~/.ssh/known_hosts in a hashed format. This is a privacy feature that prevents a local attacker from learning other hosts that a user has accounts on from their known_hosts file.
Interesting option. How do you sort out the problem when the remote host key changes (such as reloading the OS) and you need to delete the entry in the known_hosts file so ssh will work again with that system?
I understand the purpose of the option, just not sure how it would work when such changes occur. Deleting the entire known_hosts file would not be a good option IMHO.
And how secure does this make the known_hosts file? Is it a simple hash that can be obtained from the source?
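On the two questions raised above (clearing a stale entry without deleting the whole file, and how strong the hash is), here is an added example that is not from the thread: it re-implements OpenSSH's hashed known_hosts host field, an HMAC-SHA1 of the hostname keyed with a random 20-byte salt, so an entry can only be tested against a guessed name, never reversed, which is exactly how `ssh-keygen -F host` finds and `ssh-keygen -R host` removes a line. The hostnames, salt and key strings below are constructed placeholders.

```python
import base64
import hashlib
import hmac
import os
from typing import List, Optional

# Hashed known_hosts line layout, as written by ssh-keygen -H:
#   |1|<base64 salt>|<base64 HMAC-SHA1(salt, hostname)> <keytype> <base64 key>
# "1" is the hash version; the salt is 20 random bytes (SHA-1 digest length).
HASH_MAGIC = "|1|"

def hash_hostname(hostname: str, salt: Optional[bytes] = None) -> str:
    """Return the hashed host field for hostname (fresh random salt unless given)."""
    if salt is None:
        salt = os.urandom(20)
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "{}{}|{}".format(HASH_MAGIC,
                            base64.b64encode(salt).decode(),
                            base64.b64encode(digest).decode())

def host_matches(host_field: str, hostname: str) -> bool:
    """Test a hostname against one host field, hashed or plain (what -F does).
    Markers such as @cert-authority and comma-separated host lists are not handled."""
    if not host_field.startswith(HASH_MAGIC):
        return host_field == hostname
    _, _, salt_b64, digest_b64 = host_field.split("|", 3)
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(expected, actual)

def remove_host(lines: List[str], hostname: str) -> List[str]:
    """Drop every line whose host field matches hostname, keep the rest (what -R does)."""
    return [line for line in lines
            if not host_matches(line.split(" ", 1)[0], hostname)]

# Constructed file content: a fixed salt keeps the hashed entries reproducible.
SALT = bytes(range(20))
KNOWN_HOSTS = [
    hash_hostname("build.example.org", SALT) + " ssh-rsa AAAAB3Nza...placeholder",
    "git.example.org ssh-ed25519 AAAAC3Nza...placeholder",
    hash_hostname("mail.example.org", SALT) + " ssh-rsa AAAAB3Nza...placeholder",
]

if __name__ == "__main__":
    # Simulate the host key of build.example.org changing: drop only its line.
    remaining = remove_host(KNOWN_HOSTS, "build.example.org")
    print("lines before/after:", len(KNOWN_HOSTS), len(remaining))
```

Because the salt is per entry, an attacker who reads the file can only confirm hostnames they already guess, one HMAC per guess per line; the hash is not a secret algorithm, it is standard HMAC-SHA1 and its strength rests on the salt and on the hostname not being guessable.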