On Tue, May 20, 2008 at 8:46 PM, eliott <eliott@cactuswax.net> wrote:
On 5/20/08, Thomas Bächler <thomas@archlinux.org> wrote:
Aaron Griffin schrieb:
On Tue, May 20, 2008 at 2:05 PM, David Rosenstrauch <darose@darose.net> wrote:
Problem is, though, since Arch recently turned on HashKnownHosts by default in ssh_config, those 2 lines in the known_hosts file are encrypted, and so I don't know which host machines that I've been ssh'ing into are affected by the problem.
I think the whole point is that they *are* one way hashes. The only think I can think of is to find the algorithm they use (sha1?) and hash the hostnames that you know, then compare.
I didn't find out about this change until much later - and it pissed me off. For no apparent reason, we changed the default configuration of openssh at one point and now I have an obfuscated known_hosts file. I don't see any security impact in having the hosts unhashed.
For the record, this change is almost exactly a year old: http://repos.archlinux.org/viewvc.cgi/core/support/openssh/PKGBUILD?root=core&r1=1.56&r2=1.57 I actually think it is a pretty good idea. We could have probably made it more visible, but at the same time, don't we always gripe at users for not checking their config files?
Just because you can't see it doesn't mean it doesn't exist. unhashed known_hosts *is* more unsecure.
If someone gets access to your account, they would get a) your key b) a list of hosts that the key is valid for
hey! great!
Compund this with the fact that many people use keys without a passphrase (a bad practice), someone can 'harvest' known_host data, and worm out to other hosts.. here is the kicker ... in a way that is easily automated.
I agree. The implications of knowing a list of hosts that a user has access to is HUGE. Gaining access to a user account suddenly becomes much more dangerous