
Re: HashKnownHosts



On Sun, Jul 03, 2005 at 03:28:15PM +0200, Bernd Eckenfels wrote:
> In article <20050703130109.GB16725@riva.ucam.org> you wrote:
> > That's true, and unavoidable in this scheme; but the use case (beyond
> > fastidiousness) for this is not clear to me.
> 
> Well, how do you audit the files and purge stale entries?

That comes under "fastidiousness" as far as I'm concerned: the only
benefits I see from bothering to do that are (a) negligible performance
differences and (b) hiding of old information, which HashKnownHosts
gives you anyway. I don't see how it's required for normal use. Joe User
is never going to garbage-collect his known_hosts file; heck, even I
have better things to do. The only time I've ever removed entries from
known_hosts is when I know that a specific host's key has changed, and
'ssh-keygen -R' deals with that just fine.

(Of course, people with unusual requirements can always disable
HashKnownHosts, but I'm interested in a sane default.)

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]
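
Added example, not part of the original message or of OpenSSH: a hashed known_hosts host field has the form `|1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))`, so an entry cannot be read back as a name but can still be tested against a name you already know, which is how a lookup by host name can find a hashed entry. The sketch below audits a file against an inventory of hosts still in use; the function names, host names, salts and key blobs are constructed for illustration.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Hashed host field: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def entry_matches(host_field, candidate):
    """True if a host field names `candidate` (use "[host]:port" for non-default ports)."""
    if not host_field.startswith("|1|"):
        # Plain entry: literal comma-separated names only; wildcard patterns are not handled.
        return candidate in host_field.split(",")
    try:
        _, _, salt_b64, mac_b64 = host_field.split("|")
        salt, want = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
    except ValueError:  # wrong field count or bad base64
        return False
    got = hmac.new(salt, candidate.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)

def audit(known_hosts_text, inventory):
    """Return ({line number: inventory name}, [line numbers matching no inventory name])."""
    matched, unmatched = {}, []
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if fields and fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if not fields or fields[0].startswith("#"):
            continue
        hit = next((h for h in inventory if entry_matches(fields[0], h)), None)
        if hit is None:
            unmatched.append(lineno)
        else:
            matched[lineno] = hit
    return matched, unmatched

# Constructed sample: host names, salts and key blobs are placeholders.
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    hash_host("build.example.org", bytes(range(20))) + " ssh-ed25519 AAAA_PLACEHOLDER",
    hash_host("old.example.org", bytes(range(20, 40))) + " ssh-ed25519 AAAA_PLACEHOLDER",
    "git.example.org,192.0.2.10 ssh-rsa AAAA_PLACEHOLDER",
])

if __name__ == "__main__":
    print(audit(SAMPLE, ["build.example.org", "git.example.org"]))
```

Line 3 of the sample is reported as unmatched: the audit can say that an entry belongs to no host in the inventory, but not which host it was for.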


