Hi,
Was this change forwarded to the OpenSSH developers? I am sure that if
it is indeed better security-wise to hash the known_hosts file, they
would change the default configuration upstream. I'm also sure that they
would give very good reasons for not wanting to do so.
Thanks,
Dimitris
On Wed, May 21, 2008 at 4:50 PM, Dimitrios Apostolou [EMAIL PROTECTED] wrote:
Hi,
Was this change forwarded to the OpenSSH developers? I am sure that if
it is indeed better security-wise to hash the known_hosts file, they
would change the default configuration upstream. I'm also sure that
On Wed, May 21, 2008 at 9:50 AM, Dimitrios Apostolou [EMAIL PROTECTED] wrote:
Hi,
Was this change forwarded to the OpenSSH developers? I am sure that if
it is indeed better security-wise to hash the known_hosts file, they
would change the default configuration upstream. I'm also sure that
eliott wrote:
Just because you can't see it doesn't mean it doesn't exist.
unhashed known_hosts *is* more unsecure.
If someone gets access to your account, they would get
a) your key
b) a list of hosts that the key is valid for
hey! great!
Compound this with the fact that many people use
Just on a whim, I decided to try out the Debian tool to scan for weak
keys resulting from the recent openssl security hole. And lo and
behold, it found 2 weak keys in my known_hosts file!
Problem is, though, since Arch recently turned on HashKnownHosts by
default in ssh_config, those 2 lines
On Tue, May 20, 2008 at 2:05 PM, David Rosenstrauch [EMAIL PROTECTED] wrote:
Just on a whim, I decided to try out the Debian tool to scan for weak keys
resulting from the recent openssl security hole. And lo and behold, it
found 2 weak keys in my known_hosts file!
Problem is, though, since
Aaron Griffin wrote:
On Tue, May 20, 2008 at 2:05 PM, David Rosenstrauch [EMAIL PROTECTED] wrote:
Problem is, though, since Arch recently turned on HashKnownHosts by default
in ssh_config, those 2 lines in the known_hosts file are encrypted, and so I
don't know which host machines that I've
Thomas Bächler wrote:
I didn't find out about this change until much later - and it pissed me
off. For no apparent reason, we changed the default configuration of
openssh at one point and now I have an obfuscated known_hosts file.
I agree - it would have been better for there to have been a
On 5/20/08, Thomas Bächler [EMAIL PROTECTED] wrote:
Aaron Griffin wrote:
On Tue, May 20, 2008 at 2:05 PM, David Rosenstrauch [EMAIL PROTECTED]
wrote:
Problem is, though, since Arch recently turned on HashKnownHosts by
default
in ssh_config, those 2 lines in the known_hosts file are
On Tue, May 20, 2008 at 8:46 PM, eliott [EMAIL PROTECTED] wrote:
On 5/20/08, Thomas Bächler [EMAIL PROTECTED] wrote:
Aaron Griffin wrote:
On Tue, May 20, 2008 at 2:05 PM, David Rosenstrauch [EMAIL PROTECTED]
wrote:
Problem is, though, since Arch recently turned on HashKnownHosts by
10 matches