On 5/21/08, Thomas Bächler <thomas@archlinux.org> wrote:
> The point is, without any notice, we provided a different configuration file than the upstream configuration file. That's not how we do it, we always provide the upstream configuration file.
Wrong. We provide 'sane defaults'. I consider security to be sane. I guess you don't. That is fine, for you.
> If someone thinks that having unhashed known_hosts is a security problem, then he/she can change this configuration option on his/her system, that is how Arch works.
If someone thinks that having unhashed known_hosts isn't a security problem, then he/she can change this configuration option on his/her system. That is how Arch works. See what I did there?
> But now that hashed known_hosts silently became the default, I cannot revert back.
Sure you can.

1. Copy the known hosts file to a backup location.
2. Change the option (set it in your .ssh/config. This file overrides the defaults if you were not aware), and remove the known_hosts file.
3. Connect to hosts. When an entry is made, do a hash compare if you are concerned that the remote keyprint might have changed (ssh-keygen can output a known_hosts hash for a non hashed known hosts file).

Also.. fyi.. knownhosts hashing option does not automagically convert an unhashed known_hosts file. It would simply add hashed elements to the file, resulting in a mix of hashed and non hashed. You would have had to run ssh-keygen on the known_hosts file to get a full conversion. So if all you have are hashed files, then you must have at some point:

- done a reinstall
- nuked the file and rebuilt it
- converted it manually yourself
- never actually cared about the change until you were slightly inconvenienced.
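The compare in step 3, and the mixed hashed/unhashed file described above, as an added example that is not part of the original message. It relies on OpenSSH's hashed host field format, `|1|base64(salt)|base64(HMAC-SHA1(salt, hostname))`; the hostnames, salt and key strings are constructed placeholders, and plain entries are matched by exact name only (no wildcards or `[host]:port` forms).

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Build the hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def entry_matches(field, host):
    """True if a known_hosts host field (hashed or plain) names this host."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        expected = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    return host in field.split(",")  # plain entries: comma-separated names

def parse(lines):
    """Yield (host_field, keytype, key) for each entry, skipping comments and @markers."""
    for line in lines:
        parts = line.split()
        if len(parts) >= 3 and not line.startswith(("#", "@")):
            yield parts[0], parts[1], parts[2]

def count_formats(lines):
    """Return (hashed, plain) entry counts, which exposes a mixed file."""
    fields = [f for f, _, _ in parse(lines)]
    hashed = sum(f.startswith("|1|") for f in fields)
    return hashed, len(fields) - hashed

def keys_for(lines, host):
    """Set of (keytype, key) recorded for host, whatever the entry format."""
    return {(t, k) for f, t, k in parse(lines) if entry_matches(f, host)}

def key_unchanged(backup, current, host):
    """Step 3 check: does the rebuilt file hold the same key as the backup?"""
    old = keys_for(backup, host)
    return bool(old) and old == keys_for(current, host)

# Constructed sample data: a backup mixing one hashed and one plain entry,
# and two rebuilt (unhashed) files, one with the same key and one without.
SALT = b"constructed-salt-20b"
BACKUP = [
    hash_host("git.example.org", SALT) + " ssh-ed25519 AAAAC3constructedKeyA",
    "build.example.org,192.0.2.10 ssh-rsa AAAAB3constructedKeyB",
]
CURRENT_OK = ["git.example.org ssh-ed25519 AAAAC3constructedKeyA"]
CURRENT_CHANGED = ["git.example.org ssh-ed25519 AAAAC3constructedKeyZ"]
```

`key_unchanged` returns False both when the key differs and when the backup has no entry for the host, so a host that was never recorded is not reported as verified.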