On Sat, 2006-03-11 at 09:32 -0800, Bruno S. Delbono wrote:
> Not only that, but newer versions of SSH allow you to encrypt your
> known_hosts file. From Damien Miller's Post:
>
> Added the ability to store hostnames added to ~/.ssh/known_hosts in a
> hashed format. This is a privacy feature that prevents a local attacker
> from learning other hosts that a user has accounts on from their
> known_hosts file.
>

Interesting option. How do you sort out the problem when the remote host key changes (such as reloading the OS) and you need to delete the entry in the known_hosts file so ssh will work again with that system? I understand the purpose of the option, just not sure how it would work when such changes occur. Deleting the entire known_hosts file would not be a good option IMHO.

And how secure does this make the known_hosts file? Is it a simple hash that can be obtained from the source?
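
How a single hashed entry can be matched and removed without deleting the whole file, as an added example that is not part of the original message. It assumes the `|1|salt|hash` HMAC-SHA1 layout OpenSSH uses for hashed host fields; the function names, hostnames, salts and key blobs are constructed for illustration.

```python
import base64
import hashlib
import hmac

MAGIC = "|1|"  # marker that starts a hashed host field


def hash_host(hostname: str, salt: bytes) -> str:
    """Build |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=hostname))."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return MAGIC + base64.b64encode(salt).decode() + "|" + base64.b64encode(digest).decode()


def entry_matches(line: str, hostname: str) -> bool:
    """True if a known_hosts line (hashed or plain) names this host."""
    fields = line.split()
    if fields and fields[0].startswith("@"):
        fields = fields[1:]  # skip a leading marker such as @revoked
    if not fields or fields[0].startswith("#"):
        return False  # blank line or comment
    host_field = fields[0]
    if host_field.startswith(MAGIC):
        try:
            salt_b64, mac_b64 = host_field[len(MAGIC):].split("|")
            salt = base64.b64decode(salt_b64)
            want = base64.b64decode(mac_b64)
        except ValueError:
            return False  # malformed hashed field
        # Recompute the HMAC for the candidate name with the stored salt.
        got = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, want)
    # Plain entry: comma-separated names (wildcard patterns are not handled here).
    return hostname in host_field.split(",")


def remove_host(lines, hostname):
    """Return the file's lines with every entry for hostname dropped."""
    return [line for line in lines if not entry_matches(line, hostname)]


# Constructed sample file: salts and key blobs are placeholders, not real keys.
SAMPLE = [
    hash_host("build.example.org", b"A" * 20) + " ssh-rsa AAAAconstructedkey1",
    hash_host("db.example.org", b"B" * 20) + " ssh-rsa AAAAconstructedkey2",
    "plain.example.org,192.0.2.10 ssh-rsa AAAAconstructedkey3",
]
```

`ssh-keygen -F host` and `ssh-keygen -R host` perform this lookup and removal on the real file. Because the salt is stored in the entry itself, anyone who can read the file can test candidate hostnames the same way, so the hashing only hides names that cannot be guessed.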