On Wed, 17 Jun 2009 00:12:02 -0500 Aaron Griffin <aaronmgriffin@gmail.com> wrote:
> Knowing your known_hosts, if someone hacks one account they, in essence, hack all of them - assuming you have ssh keys set up (or use the same password everywhere), they now have a list of where your key works

ok i see the idea. so it all boils down to being able to crack one account first though. the known_hosts just tells you what the other locations are.

however, having access to the known_hosts doesn't make it possible to crack anything right, because the actual key is stored elsewhere.

i just looked at the known_hosts file (not encrypted) and saw that each entry has a ssh-rsa portion to it. that has no relation to the rsa keys i generate with ssh-keygen, so what purpose does it serve?

there is no manpage for known_hosts, so is there some doc that can explain the structure of this file?

-- 
In friendship,
prad

... with you on your journey
Towards Freedom
http://www.towardsfreedom.com (website)
Information, Inspiration, Imagination - truly a site for soaring I's
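
An added example, not part of the original message: a small parser for the known_hosts entry layout documented in sshd(8) (host field, key type, base64 public key of the server), listing which hostnames an unhashed file reveals to anyone who can read it, next to the hashed form written when the ssh_config option HashKnownHosts is on. All hostnames, the salt and the key blob are constructed placeholders, and the helper names are hypothetical.

```python
import base64, hashlib, hmac, struct

def hash_host(host, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def hashed_match(field, candidate):
    """True if a hashed host field was derived from `candidate`."""
    _, _, salt_b64, mac_b64 = field.split("|")
    mac = hmac.new(base64.b64decode(salt_b64), candidate.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(mac, base64.b64decode(mac_b64))

def parse_line(line):
    """Return (marker, hosts, keytype, blob) for one entry, or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    parts = line.split()
    # Optional leading marker such as @cert-authority or @revoked.
    marker = parts.pop(0) if parts[0].startswith("@") else None
    hosts, keytype, key_b64 = parts[0], parts[1], parts[2]
    blob = base64.b64decode(key_b64)
    # The key blob starts with a length-prefixed algorithm name that must match keytype.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != keytype:
        raise ValueError("key blob does not match declared type")
    return marker, hosts, keytype, blob

def exposed_hosts(text):
    """Hostnames/addresses readable in plain text by anyone who can read the file."""
    out = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry and not entry[1].startswith("|1|"):
            out.extend(entry[1].split(","))
    return out

# Constructed sample data: the "key" is a dummy blob, not a real host key.
DUMMY_KEY = base64.b64encode(struct.pack(">I", 7) + b"ssh-rsa" + b"\x00" * 16).decode()
HASHED = hash_host("git.example.org", b"constructed-salt-20b")
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    "build.example.org,192.0.2.10 ssh-rsa " + DUMMY_KEY,
    HASHED + " ssh-rsa " + DUMMY_KEY,
])

if __name__ == "__main__":
    print(exposed_hosts(SAMPLE))
    print(hashed_match(HASHED, "git.example.org"))
```

Host patterns (wildcards, negation, `[host]:port`) are not expanded here; the host field is only split on commas.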