
Re: HashKnownHosts



On Sun, Jul 03, 2005 at 11:08:38AM +0200, Florian Weimer wrote:
> * Colin Watson:
> > On Sat, Jul 02, 2005 at 09:04:18PM +0200, Florian Weimer wrote:
> >> There should be tools supporting this, I agree.
> >
> > There is such a tool, which I mentioned in the changelog:
> >
> >     - ssh and ssh-keyscan now support hashing of known_hosts files for
> >       improved privacy. ssh-keygen has new options for managing known_hosts
> >       files, which understand hashing.
> 
> AFAICS, ssh-keygen does not permit adding new entries,

That's true. You can add them by hand without hashing the host name (and
use 'ssh-keygen -H' afterwards if you like); known_hosts may contain a
mix of hashed and unhashed host names.

Is this a feature you would use often?

> and it does not allow removal of all entries with a specific hash.

If you know the host name, 'ssh-keygen -R' will do that. If you don't, I
am curious as to the use case.

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]


