On Sun, Jul 03, 2005 at 03:28:15PM +0200, Bernd Eckenfels wrote:
> In article <20050703130109.GB16725@riva.ucam.org> you wrote:
> > That's true, and unavoidable in this scheme; but the use case (beyond
> > fastidiousness) for this is not clear to me.
> Well, how do you audit the files and purge stale entries.
That comes under "fastidiousness" as far as I'm concerned: the only
benefits I see from bothering to do that are (a) negligible performance
differences and (b) hiding of old information, which HashKnownHosts
gives you anyway. I don't see how it's required for normal use. Joe User
is never going to garbage-collect his known_hosts file; heck, even I
have better things to do. The only time I've ever removed entries from
known_hosts is when I know that a specific host's key has changed, and
'ssh-keygen -R' deals with that just fine.
(Of course, people with unusual requirements can always disable
HashKnownHosts, but I'm interested in a sane default.)
Colin Watson [email@example.com]
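Added illustration, not part of the thread: a small Python model of the hashed known_hosts format behind HashKnownHosts (`|1|salt|HMAC-SHA1(salt, hostname)`), showing that an old hostname is no longer readable from the file, yet a specific host can still be matched and purged the way `ssh-keygen -R` does. The salt bytes and key strings are constructed for the example.

```python
import base64
import hashlib
import hmac

# Hashed host field written by OpenSSH when HashKnownHosts is on:
#   |1|<base64 salt>|<base64 HMAC-SHA1(key=salt, msg=hostname)>
HASH_MAGIC = "|1|"


def hash_hostname(hostname: str, salt: bytes) -> str:
    """Return the hashed host field for hostname under the given salt."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return HASH_MAGIC + base64.b64encode(salt).decode() + "|" + base64.b64encode(digest).decode()


def host_field_matches(field: str, hostname: str) -> bool:
    """True if a known_hosts host field (plain or hashed) names hostname."""
    if field.startswith(HASH_MAGIC):
        try:
            salt_b64, _digest_b64 = field[len(HASH_MAGIC):].split("|", 1)
            salt = base64.b64decode(salt_b64)
        except ValueError:
            return False  # malformed hashed entry: never a match
        return hmac.compare_digest(hash_hostname(hostname, salt), field)
    # Plain entries may list several comma-separated names/addresses.
    return hostname in field.split(",")


def remove_host(known_hosts: str, hostname: str) -> str:
    """Drop every line naming hostname (what 'ssh-keygen -R' does); keep the rest."""
    kept = []
    for line in known_hosts.splitlines():
        stripped = line.strip()
        if stripped and not stripped.startswith("#"):
            parts = stripped.split(None, 2)
            # Lines may start with an @cert-authority / @revoked marker.
            host_field = parts[1] if parts[0].startswith("@") else parts[0]
            if host_field_matches(host_field, hostname):
                continue
        kept.append(line)
    return "\n".join(kept) + ("\n" if known_hosts.endswith("\n") else "")


# Constructed sample: a fixed salt (real files use random 20-byte salts) and dummy keys.
SALT = bytes(range(20))
SAMPLE_KNOWN_HOSTS = (
    hash_hostname("example.com", SALT) + " ssh-ed25519 AAAAEXAMPLEKEY1\n"
    "other.example.net,192.0.2.10 ssh-ed25519 AAAAEXAMPLEKEY2\n"
)

if __name__ == "__main__":
    print(remove_host(SAMPLE_KNOWN_HOSTS, "example.com"), end="")
```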