[CentOS] sshd hack

Scot L. Harris webid at cfl.rr.com
Sat Mar 11 18:13:56 UTC 2006

On Sat, 2006-03-11 at 09:32 -0800, Bruno S. Delbono wrote:

> Not only that, but newer versions of SSH allow you to encrypt your 
> known_hosts file. From Damien Miller's Post:
> Added the ability to store hostnames added to ~/.ssh/known_hosts in a 
> hashed format. This is a privacy feature that prevents a local attacker 
> from learning other hosts that a user has accounts on from their 
> known_hosts file.

Interesting option.  How do you sort out the problem when the remote
host key changes (such as reloading the OS) and you need to delete the
entry in the known_hosts file so ssh will work again with that system?

I understand the purpose of the option, just not sure how it would work
when such changes occur.  Deleting the entire known_hosts file would not
be a good option IMHO.

And how secure does this make the known_hosts file?  Is it a simple hash
that can be obtained from the source?  
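Added example, not part of the original thread: the hashed format Damien Miller's post refers to is documented in sshd(8) and is easy to reproduce, which also answers both questions above. Each hashed entry is `|1|<base64 salt>|<base64 HMAC-SHA1(salt, hostname)>`, with a fresh random salt per line, so a host key change is handled by recomputing the HMAC for the hostname and dropping the lines whose digest matches (what `ssh-keygen -R hostname` does; `ssh-keygen -F hostname` only lists them). The sample known_hosts lines, the fixed salt and the key blobs below are constructed for the demonstration.

```python
"""Parse, match and prune OpenSSH hashed known_hosts entries (HashKnownHosts yes).

Hashed line:  |1|<base64 salt>|<base64 HMAC-SHA1(salt, hostname)> <keytype> <key>
Plain line:   host1,host2 <keytype> <key>
"""
import base64
import binascii
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"
SALT_LEN = 20  # OpenSSH uses a 20-byte salt, the SHA-1 digest length


def hash_hostname(hostname, salt=None):
    """Return the hashed host token OpenSSH would write for `hostname`."""
    if salt is None:
        salt = os.urandom(SALT_LEN)  # OpenSSH draws a random salt per entry
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return (HASH_MAGIC + base64.b64encode(salt).decode()
            + "|" + base64.b64encode(digest).decode())


def host_token_matches(token, hostname):
    """Check one host token (hashed or plain) against a hostname."""
    if token.startswith(HASH_MAGIC):
        try:
            _, _, salt_b64, digest_b64 = token.split("|", 3)
            salt = base64.b64decode(salt_b64)
            digest = base64.b64decode(digest_b64)
        except (ValueError, binascii.Error):
            return False  # malformed entry never matches
        expected = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, digest)
    # Plain entries may list several names/addresses separated by commas.
    return hostname in token.split(",")


def line_matches(line, hostname):
    """True if a known_hosts line (hashed or plain) belongs to `hostname`."""
    line = line.strip()
    if not line or line.startswith("#"):
        return False
    fields = line.split(None, 2)
    token = fields[0]
    # "@cert-authority"/"@revoked" marker lines carry the host token second.
    if token.startswith("@") and len(fields) > 1:
        token = fields[1]
    return host_token_matches(token, hostname)


def find_host(lines, hostname):
    """Same idea as `ssh-keygen -F hostname`: return the matching lines."""
    return [ln for ln in lines if line_matches(ln, hostname)]


def remove_host(lines, hostname):
    """Same idea as `ssh-keygen -R hostname`: keep everything that does not match."""
    return [ln for ln in lines if not line_matches(ln, hostname)]


# Constructed sample file (hypothetical hosts, placeholder key blobs); a fixed
# salt keeps the hashed lines reproducible, real files use random salts.
FIXED_SALT = bytes(range(SALT_LEN))
SAMPLE_KNOWN_HOSTS = [
    hash_hostname("web01.example.com", FIXED_SALT) + " ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER1",
    hash_hostname("db01.example.com", FIXED_SALT) + " ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER2",
    "legacy.example.com,10.0.0.5 ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER3",
]

if __name__ == "__main__":
    # web01 was reinstalled and its host key changed: prune just its entry.
    for ln in find_host(SAMPLE_KNOWN_HOSTS, "web01.example.com"):
        print("stale:", ln)
    kept = remove_host(SAMPLE_KNOWN_HOSTS, "web01.example.com")
    print(f"{len(SAMPLE_KNOWN_HOSTS) - len(kept)} entry removed, {len(kept)} kept")
```

On the second question: the salt is stored in clear in the same line, so anyone with the file can test any hostname they can guess, exactly as the code does. The hashing stops a reader from listing the hosts, not from confirming a candidate, which is the "privacy feature" scope the quoted post describes.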

