[arch-general] Any way to decrypt hashes set by ssh HashKnownHosts?
Thomas Bächler
thomas at archlinux.org
Tue May 20 18:47:25 EDT 2008
Aaron Griffin schrieb:
> On Tue, May 20, 2008 at 2:05 PM, David Rosenstrauch <darose at darose.net> wrote:
>> Problem is, though, since Arch recently turned on HashKnownHosts by default
>> in ssh_config, those 2 lines in the known_hosts file are encrypted, and so I
>> don't know which host machines that I've been ssh'ing into are affected by
>> the problem.
> I think the whole point is that they *are* one way hashes. The only
> think I can think of is to find the algorithm they use (sha1?) and
> hash the hostnames that you know, then compare.
I didn't find out about this change until much later - and it pissed me
off. For no apparent reason, we changed the default configuration of
openssh at one point and now I have an obfuscated known_hosts file. I
don't see any security impact in having the hosts unhashed.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
URL: <http://archlinux.org/pipermail/arch-general/attachments/20080521/e6a961ac/attachment.pgp>
More information about the arch-general
mailing list