[CentOS] sshd hack

Sun Mar 12 01:25:33 UTC 2006
Scot L. Harris <webid at cfl.rr.com>

On Sun, 2006-03-12 at 06:12 +0530, Sudev Barar wrote:
> On 11/03/06, Scot L. Harris <webid at cfl.rr.com> wrote:
> > On Sat, 2006-03-11 at 09:32 -0800, Bruno S. Delbono wrote:
> >
> > > Not only that, but newer versions of SSH allow you to encrypt your
> > > known_hosts file. From Damien Miller's Post:
> > >
> > > Added the ability to store hostnames added to ~/.ssh/known_hosts in a
> > > hashed format. This is a privacy feature that prevents a local attacker
> > > from learning other hosts that a user has accounts on from their
> > > known_hosts file.
> > >
> >
> > Interesting option.  How do you sort out the problem when the remote
> > host key changes (such as reloading the OS) and you need to delete the
> > entry in the known_hosts file so ssh will work again with that system?
> >
> > I understand the purpose of the option, just not sure how it would work
> > when such changes occur.  Deleting the entire known_hosts file would not
> > be a good option IMHO.
> >
> > And how secure does this make the known_hosts file?  Is it a simple hash
> > that can be obtained from the source?
> 
> For sake of clarity let us not use remote or local but client and
> server. You can be client sitting on local machine logging into remote
> server or client on remote logging in to server which is local.
> 
> AFAIK you can just copy the .ssh/authorized_keys2 file from old server
> to new server. As this includes public key of client the remote log in
> from client would still work.
> 
> SSH method of setting up keys in the first place assumes you can
> generate key at client (only if you have access) and then export the
> public key to server (only if you have access there too). Once this is
> done you can log in from that unique client to the server. However if
> the client changes then you need to go through the process of
> regenerating public key and installing it on server.

I understand this with the authorized_keys file.  The original question
was regarding the hashing of the known_hosts file.  In my experience
there have been many times when I have had to remove entries in the
known_hosts file due to the host key changing on a system.  My question
was, if the known_hosts file is hashed how do you identify the entry for
the particular host so it can be removed when needed?
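
Added example, not part of the original thread or of OpenSSH's code: how an entry for a known hostname can be located and removed in a hashed known_hosts file. It assumes the OpenSSH hashed host field format `|1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))`; the sample lines, salts and key blobs are constructed, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

HASH_MAGIC = "|1|"  # prefix OpenSSH puts in front of a hashed host field


def hash_host(host, salt):
    """Build a hashed host field from a hostname and a per-entry salt."""
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "%s%s|%s" % (HASH_MAGIC, base64.b64encode(salt).decode(),
                        base64.b64encode(digest).decode())


def field_matches(field, host):
    """True if one host field (hashed or plain) names exactly `host`."""
    if not field.startswith(HASH_MAGIC):
        return host in field.split(",")   # plain field; wildcards not handled here
    try:
        salt_b64, digest_b64 = field[len(HASH_MAGIC):].split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        want = base64.b64decode(digest_b64, validate=True)
    except ValueError:                     # malformed field never matches
        return False
    # Re-hash the candidate name with this entry's own salt and compare.
    got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)


def find_host(lines, host):
    """Return the 1-based line numbers of the entries for `host`."""
    hits = []
    for number, line in enumerate(lines, 1):
        parts = line.split()
        if parts and parts[0].startswith("@"):   # @cert-authority / @revoked marker
            parts = parts[1:]
        if parts and not parts[0].startswith("#") and field_matches(parts[0], host):
            hits.append(number)
    return hits


def remove_host(lines, host):
    """Return the file contents without the entries for `host`."""
    drop = set(find_host(lines, host))
    return [line for number, line in enumerate(lines, 1) if number not in drop]


# Constructed sample file: salts and key blobs are placeholders, not real keys.
SAMPLE = [
    "# constructed known_hosts sample",
    hash_host("web1.example.org", bytes(range(20))) + " ssh-rsa CONSTRUCTED_KEY_1",
    "db.example.org,192.0.2.10 ssh-rsa CONSTRUCTED_KEY_2",
    hash_host("192.0.2.7", bytes(range(20, 40))) + " ssh-rsa CONSTRUCTED_KEY_3",
]
```

The hashed names cannot be listed from the file, but any name you already know can be tested against each entry's salt, which is what `ssh-keygen -F hostname` (find) and `ssh-keygen -R hostname` (remove) do.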