[arch-general] bash remote host completion gone

Aaron Griffin aaronmgriffin at gmail.com
Wed Jun 17 16:08:25 EDT 2009


On Wed, Jun 17, 2009 at 3:03 PM, prad<prad at towardsfreedom.com> wrote:
> On Wed, 17 Jun 2009 00:12:02 -0500
> Aaron Griffin <aaronmgriffin at gmail.com> wrote:
>
>> Knowing your known_hosts, if someone hacks one account they, in
>> essence, hack all of them - assuming you have ssh keys set up (or use
>> the same password everywhere), they now have a list of where your key
>> works
>>
> ok i see the idea. so it all boils down to being able to crack one
> account first though. the known_hosts just tells you what the others
> locations are.
>
> however, having access to the known_hosts doesn't make it possible to
> crack anything right, because the actual key is stored elsewhere.

Well, if your private key is on the account they just hacked, then
they have access to all machines you do. If your private key is on your
local machine and you use ssh-agent, then that's not the case - unless
of course they hack your local machine. Then the same issue applies.

> i just looked at the known_hosts file (not encrypted) and saw that each
> entry has a ssh-rsa portion to it. that has no relation to the rsa keys
> i generate with ssh-keygen, so what purpose does it serve? there is no
> manpage for known_hosts, so is there some doc that can explain the
> structure of this file?

That's the server key. If it changes, ssh will yell loudly, saying
that "hey this isn't the same server you connected to before,
something seems fishy!". All ssh servers have their own keys.
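
Added example, not part of the original message: a sketch of the known_hosts line layout asked about above (hosts field, key type, base64 server key) and of the changed-key comparison. It goes beyond the thread by also handling the hashed `|1|salt|hash` hosts form that OpenSSH writes when `HashKnownHosts` is enabled. The hostnames, salt and key blobs are constructed sample values, and all helper names are hypothetical.

```python
import base64, hashlib, hmac, struct

def parse_known_hosts(text):
    """Yield one dict per entry: optional @marker, hosts field, key type, base64 key."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        marker = fields.pop(0) if fields[0].startswith("@") else None
        if len(fields) >= 3:  # skip malformed lines
            yield {"marker": marker, "hosts": fields[0], "type": fields[1], "key": fields[2]}

def host_matches(hosts_field, hostname):
    """True if hostname is named by a plaintext or hashed (|1|salt|hash) hosts field."""
    if hosts_field.startswith("|1|"):
        _, _, salt, digest = hosts_field.split("|")
        mac = hmac.new(base64.b64decode(salt), hostname.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    return hostname in hosts_field.split(",")  # wildcard patterns are not handled here

def fingerprint(key_b64):
    """SHA256 fingerprint of the server key, in the form ssh-keygen -l prints."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_host_key(entries, hostname, key_type, key_b64):
    """Return 'match', 'changed' (same host and type, other key) or 'unknown'."""
    result = "unknown"
    for e in entries:  # marker lines such as @revoked are ignored in this sketch
        if e["marker"] is None and e["type"] == key_type and host_matches(e["hosts"], hostname):
            if e["key"] == key_b64:
                return "match"
            result = "changed"
    return result

def sample_key(seed):
    """Constructed blob in SSH wire format (type string + 32 bytes); not a real host key."""
    name, body = b"ssh-ed25519", hashlib.sha256(seed).digest()
    return base64.b64encode(struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + body).decode()
def hashed_host(hostname, salt=b"constructed-salt-20b"):
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

KEY_A, KEY_B = sample_key(b"a"), sample_key(b"b")
SAMPLE = ("# constructed known_hosts content\n"
          "build.example.org,192.0.2.10 ssh-ed25519 " + KEY_A + "\n"
          + hashed_host("db.example.org") + " ssh-ed25519 " + KEY_B + "\n")
ENTRIES = list(parse_known_hosts(SAMPLE))
for e in ENTRIES:
    print(e["hosts"], e["type"], fingerprint(e["key"]))
```

The first sample entry lists its hostnames in the clear, while the second can only be confirmed by someone who already knows the hostname to test.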

