[arch-general] Any way to decrypt hashes set by ssh HashKnownHosts?
Aaron Griffin
aaronmgriffin at gmail.com
Tue May 20 15:26:27 EDT 2008
On Tue, May 20, 2008 at 2:05 PM, David Rosenstrauch <darose at darose.net> wrote:
> Just on a whim, I decided to try out the Debian tool to scan for weak keys
> resulting from the recent openssl security hole. And lo and behold, it
> found 2 weak keys in my known_hosts file!
>
> Problem is, though, since Arch recently turned on HashKnownHosts by default
> in ssh_config, those 2 lines in the known_hosts file are encrypted, and so I
> don't know which host machines that I've been ssh'ing into are affected by
> the problem.
>
> Anyone know if there's any way to decrypt the hashes created by the
> HashKnownHosts setting?
I think the whole point is that they *are* one way hashes. The only
think I can think of is to find the algorithm they use (sha1?) and
hash the hostnames that you know, then compare.
Alternatively, just remove those two and if you get the "(yes/no)"
prompt you know that's the host 8)
More information about the arch-general
mailing list