Re: HashKnownHosts

To: debian-devel@lists.debian.org
Subject: Re: HashKnownHosts
From: Colin Watson <cjwatson@debian.org>
Date: Sun, 3 Jul 2005 15:52:07 +0100
Message-id: <[🔎] 20050703145207.GK16725@riva.ucam.org>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] E1Dp4W7-00061n-00@calista.eckenfels.6bone.ka-ip.net>
References: <[🔎] 20050703130109.GB16725@riva.ucam.org> <[🔎] E1Dp4W7-00061n-00@calista.eckenfels.6bone.ka-ip.net>

On Sun, Jul 03, 2005 at 03:28:15PM +0200, Bernd Eckenfels wrote:
> In article <[🔎] 20050703130109.GB16725@riva.ucam.org> you wrote:
> > That's true, and unavoidable in this scheme; but the use case (beyond
> > fastidiousness) for this is not clear to me.
> 
> Well, how do you audit the files and purge stale entries.

That comes under "fastidiousness" as far as I'm concerned: the only
benefits I see from bothering to do that are (a) negligible performance
differences and (b) hiding of old information, which HashKnownHosts
gives you anyway. I don't see how it's required for normal use. Joe User
is never going to garbage-collect his known_hosts file; heck, even I
have better things to do. The only time I've ever removed entries from
known_hosts is when I know that a specific host's key has changed, and
'ssh-keygen -R' deals with that just fine.

(Of course, people with unusual requirements can always disable
HashKnownHosts, but I'm interested in a sane default.)

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Re: HashKnownHosts
  - From: Kurt Roeckx <kurt@roeckx.be>
- Re: HashKnownHosts
  - From: Martijn van Oosterhout <kleptog@gmail.com>

References:
- Re: HashKnownHosts
  - From: Colin Watson <cjwatson@debian.org>
- Re: HashKnownHosts
  - From: Bernd Eckenfels <ecki@lina.inka.de>

Prev by Date: Re: HashKnownHosts
Next by Date: Re: Getting rid of circular dependencies
Previous by thread: Re: HashKnownHosts
Next by thread: Re: HashKnownHosts
Index(es):
- Date
- Thread