[arch-general] bash remote host completion gone
i had remote host completion: ssh hostna[tab] with my original debian .bashrc file. now with a new arch install it is gone and setting this export HOSTFILE=$HOME/.hosts doesn't bring it back even when i put the hostnames from /etc/hosts into that file. bash-completion is there and working just fine - except for the remote host completion. how can i get the remote hostnames to complete using [tab] again? -- In friendship, prad ... with you on your journey Towards Freedom http://www.towardsfreedom.com (website) Information, Inspiration, Imagination - truly a site for soaring I's
On Tue, Jun 16, 2009 at 2:37 PM, prad<prad@towardsfreedom.com> wrote:
i had remote host completion: ssh hostna[tab] with my original debian .bashrc file.
now with a new arch install it is gone and setting this export HOSTFILE=$HOME/.hosts doesn't bring it back even when i put the hostnames from /etc/hosts into that file.
bash-completion is there and working just fine - except for the remote host completion.
how can i get the remote hostnames to complete using [tab] again?
You need to shutoff the host-hashing setting for ssh. In /etc/ssh/ssh_config (or your ~/.ssh/config), set "HashKnownHosts no"
On Tue, Jun 16, 2009 at 15:51, Aaron Griffin<aaronmgriffin@gmail.com> wrote:
On Tue, Jun 16, 2009 at 2:37 PM, prad<prad@towardsfreedom.com> wrote:
i had remote host completion: ssh hostna[tab] with my original debian .bashrc file.
now with a new arch install it is gone and setting this export HOSTFILE=$HOME/.hosts doesn't bring it back even when i put the hostnames from /etc/hosts into that file.
bash-completion is there and working just fine - except for the remote host completion.
how can i get the remote hostnames to complete using [tab] again?
You need to shutoff the host-hashing setting for ssh.
In /etc/ssh/ssh_config (or your ~/.ssh/config), set "HashKnownHosts no"
Additionally, you probably want to delete any hashed lines so they can be regenerated later.
On Tue, 16 Jun 2009 16:05:51 -0400 Daenyth Blank <daenyth+arch@gmail.com> wrote:
Additionally, you probably want to delete any hashed lines so they can be regenerated later.
that did it! i tried what aaron suggested last night actually and just now, but it never occurred to be that the known_hosts file was already hashed and therefore changing HashKnownHosts to 'no' wouldn't help until i deleted the file and started over again. this is also much better because i can remove a specific host by name rather than using ssh-keygen -R, which would remove one of the hashed lines, but i'd have to go in manually to do the other. thx aaron and daenyth!! -- In friendship, prad ... with you on your journey Towards Freedom http://www.towardsfreedom.com (website) Information, Inspiration, Imagination - truly a site for soaring I's
On Tue, Jun 16, 2009 at 3:18 PM, prad<prad@towardsfreedom.com> wrote:
On Tue, 16 Jun 2009 16:05:51 -0400 Daenyth Blank <daenyth+arch@gmail.com> wrote:
Additionally, you probably want to delete any hashed lines so they can be regenerated later.
that did it!
i tried what aaron suggested last night actually and just now, but it never occurred to be that the known_hosts file was already hashed and therefore changing HashKnownHosts to 'no' wouldn't help until i deleted the file and started over again.
this is also much better because i can remove a specific host by name rather than using ssh-keygen -R, which would remove one of the hashed lines, but i'd have to go in manually to do the other.
thx aaron and daenyth!!
Another option is to add them to your ~/.ssh/config file as Host entries (with any additional settings), which also autocomplete without having to remove the "security" of host name hashing. -Dan
On Tue, 16 Jun 2009 19:49:24 -0500 Dan McGee <dpmcgee@gmail.com> wrote:
which also autocomplete without having to remove the "security" of host name hashing
dan, i tried that too last night, but forgot to wipeout the known_hosts file. what exactly is the benefit of host name hashing? is it to prevent other users from knowing what's in known_hosts as far as names of the other computers go? even if they do know, what can they do without having an account? or is my reasoning too simplistic? -- In friendship, prad ... with you on your journey Towards Freedom http://www.towardsfreedom.com (website) Information, Inspiration, Imagination - truly a site for soaring I's
On Tue, Jun 16, 2009 at 11:46 PM, prad<prad@towardsfreedom.com> wrote:
On Tue, 16 Jun 2009 19:49:24 -0500 Dan McGee <dpmcgee@gmail.com> wrote:
which also autocomplete without having to remove the "security" of host name hashing
dan, i tried that too last night, but forgot to wipeout the known_hosts file.
what exactly is the benefit of host name hashing? is it to prevent other users from knowing what's in known_hosts as far as names of the other computers go?
even if they do know, what can they do without having an account?
or is my reasoning too simplistic?
Knowing your known_hosts, if someone hacks one account they, in essence, hack all of them - assuming you have ssh keys setup (or use the same password everywhere), they now have a list of where your key works
On Wed, 17 Jun 2009 00:12:02 -0500 Aaron Griffin <aaronmgriffin@gmail.com> wrote:
Knowing your known_hosts, if someone hacks one account they, in essence, hack all of them - assuming you have ssh keys setup (or use the same password everywhere), they now have a list of where your key works
ok i see the idea. so it all boils down to being able to crack one account first though. the known_hosts just tells you what the others locations are. however, having access to the known_hosts doesn't make it possible to crack anything right, because the actual key is stored elsewhere. i just looked at the known_hosts file (not encrypted) and saw that each entry has a ssh-rsa portion to it. that has no relation to the rsa keys i generate with ssh-keygen, so what purpose does it serve? there is no manpage for known_hosts, so is there some doc that can explain the structure of this file? -- In friendship, prad ... with you on your journey Towards Freedom http://www.towardsfreedom.com (website) Information, Inspiration, Imagination - truly a site for soaring I's
On Wed, Jun 17, 2009 at 3:03 PM, prad<prad@towardsfreedom.com> wrote:
On Wed, 17 Jun 2009 00:12:02 -0500 Aaron Griffin <aaronmgriffin@gmail.com> wrote:
Knowing your known_hosts, if someone hacks one account they, in essence, hack all of them - assuming you have ssh keys setup (or use the same password everywhere), they now have a list of where your key works
ok i see the idea. so it all boils down to being able to crack one account first though. the known_hosts just tells you what the others locations are.
however, having access to the known_hosts doesn't make it possible to crack anything right, because the actual key is stored elsewhere.
Well, if your private key is on the account they just hacked, then they have access to all machines you do. If you private key is on your local machine and you use ssh-agent, then that's not the case - unless of course they hack your local machine. Then the same issue applies.
i just looked at the known_hosts file (not encrypted) and saw that each entry has a ssh-rsa portion to it. that has no relation to the rsa keys i generate with ssh-keygen, so what purpose does it serve? there is no manpage for known_hosts, so is there some doc that can explain the structure of this file?
That's the server key. If it changes, ssh will yell loudly, saying that "hey this isn't the same server you connected to before, something seems fishy!". All ssh servers have their own keys
participants (4)
-
Aaron Griffin
-
Daenyth Blank
-
Dan McGee
-
prad