20 May
2008
20 May
'08
7:05 p.m.
Just on a whim, I decided to try out the Debian tool to scan for weak keys resulting from the recent openssl security hole. And lo and behold, it found 2 weak keys in my known_hosts file! Problem is, though, since Arch recently turned on HashKnownHosts by default in ssh_config, those 2 lines in the known_hosts file are encrypted, and so I don't know which host machines that I've been ssh'ing into are affected by the problem. Anyone know if there's any way to decrypt the hashes created by the HashKnownHosts setting? TIA, DR