On Tue, Sep 23, 2014 at 03:59:56PM -0700, Don Armstrong wrote:
> On Tue, 23 Sep 2014, Keith Lawson wrote:
> > On Tue, Sep 23, 2014 at 01:26:36PM -0700, Don Armstrong wrote:
> > > Do you have all of the IP addresses and hostnames listed for those keys in
> > > known_hosts?
> > 
> > These are all servers I've been connecting to for years so I should
> > have their IP and host keys.
> 
> Because the entries in known_hosts are hashed by default, it's not
> trivial to determine this.
> 
> If you've changed DNS resolution slightly, or if they now reverse to
> different names, or you now can connect via IPv6, or the IP addresses
> have changed, you will see this warning.
> 
> This is one of the reasons why I (and Debian itself) don't use hashed
> known hosts for machines.

Another good reason not to hash the known_hosts file: bash command
completion - after "ssh" or "scp" the bash command completion will use
~/.ssh/known_hosts to suggest/complete hosts. Brilliant stuff.

-- 
Karl E. Jorgensen
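
Added example, not part of the original thread: a check of which names a hashed known_hosts file actually covers, using OpenSSH's `|1|salt|hash` host field (base64 salt, base64 HMAC-SHA1 of the name keyed with the salt). The host names, addresses and key blob below are constructed placeholders, and the function names are this example's own.

```python
import base64, hashlib, hmac, os

def hash_host(name, salt=None):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=name))."""
    salt = salt or os.urandom(20)
    digest = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())

def entry_matches(host_field, name):
    """True if a known_hosts host field (hashed or plain) covers `name`."""
    if host_field.startswith("|1|"):
        _, _, salt_b64, hash_b64 = host_field.split("|")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(hash_b64)
        actual = hmac.new(salt, name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    # Plain field: comma-separated names (wildcards and [host]:port not handled).
    return name in host_field.split(",")

def lookup(known_hosts_text, candidates):
    """Map each candidate name to the (line number, key type) entries covering it."""
    result = {c: [] for c in candidates}
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):      # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:
            continue
        for c in candidates:
            if entry_matches(fields[0], c):
                result[c].append((n, fields[1]))
    return result

# Constructed sample: one host stored under its name and its IPv4 address only.
KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYDATAONLY"
SAMPLE = "\n".join([hash_host("build.example.org") + " " + KEY,
                    hash_host("192.0.2.10") + " " + KEY])
# The names ssh might use for the same machine, including a newly reachable IPv6 address.
CANDIDATES = ["build.example.org", "192.0.2.10", "2001:db8::10"]

if __name__ == "__main__":
    for name, hits in lookup(SAMPLE, CANDIDATES).items():
        print(name, "->", hits or "no entry")
```

Each hashed entry has its own salt, so the only way to answer "is this name in the file?" is to recompute the HMAC for every candidate name against every line; `ssh-keygen -F <name>` performs the same search against a real file.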


Archive: https://lists.debian.org/20140924074126.GA14490@hawking