Re: HashKnownHosts

To: debian-devel@lists.debian.org
Subject: Re: HashKnownHosts
From: Florian Weimer <fw@deneb.enyo.de>
Date: Sun, 03 Jul 2005 11:08:38 +0200
Message-id: <[🔎] 874qbcuui1.fsf@deneb.enyo.de>
In-reply-to: <[🔎] 20050702231831.GC8598@riva.ucam.org> (Colin Watson's message of "Sun, 3 Jul 2005 00:18:31 +0100")
References: <[🔎] 20050702091926.GA6989@wonderland.linux.it> <[🔎] 87zmt58ij8.fsf@deneb.enyo.de> <[🔎] 20050702174831.GA2549@rnb.grep.be> <[🔎] 87psu1xc5p.fsf@deneb.enyo.de> <[🔎] 20050702231831.GC8598@riva.ucam.org>

* Colin Watson:

> On Sat, Jul 02, 2005 at 09:04:18PM +0200, Florian Weimer wrote:
>> * Wouter Verhelst:
>> > Some of us actually do care what is listed in that file, and edit it
>> > from time to time. Hashing those names makes that much harder
>> 
>> There should be tools supporting this, I agree.
>
> There is such a tool, which I mentioned in the changelog:
>
>     - ssh and ssh-keyscan now support hashing of known_hosts files for
>       improved privacy. ssh-keygen has new options for managing known_hosts
>       files, which understand hashing.

AFAICS, ssh-keygen does not permit adding new entries, and it does not
allow removal of all entries with a specific hash.

Reply to:

Follow-Ups:
- Re: HashKnownHosts
  - From: Colin Watson <cjwatson@debian.org>

References:
- HashKnownHosts
  - From: md@Linux.IT (Marco d'Itri)
- Re: HashKnownHosts
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: HashKnownHosts
  - From: Wouter Verhelst <wouter@debian.org>
- Re: HashKnownHosts
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: HashKnownHosts
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: UNSUBSCRIBE
Next by Date: Get Bigger Pennis KToy
Previous by thread: Re: HashKnownHosts
Next by thread: Re: HashKnownHosts
Index(es):
- Date
- Thread