Re: HashKnownHosts
On Sun, Jul 03, 2005 at 11:08:38AM +0200, Florian Weimer wrote:
> * Colin Watson:
> > On Sat, Jul 02, 2005 at 09:04:18PM +0200, Florian Weimer wrote:
> >> There should be tools supporting this, I agree.
> >
> > There is such a tool, which I mentioned in the changelog:
> >
> > - ssh and ssh-keyscan now support hashing of known_hosts files for
> > improved privacy. ssh-keygen has new options for managing known_hosts
> > files, which understand hashing.
>
> AFAICS, ssh-keygen does not permit adding new entries,

That's true. You can add them by hand without hashing the host name (and
use 'ssh-keygen -H' afterwards if you like); known_hosts may contain a
mix of hashed and unhashed host names.

Is this a feature you would use often?

> and it does not allow removal of all entries with a specific hash.

If you know the host name, 'ssh-keygen -R' will do that. If you don't, I
am curious as to the use case.

Cheers,
--
Colin Watson [cjwatson@debian.org]
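
The following is an added example, not part of the original message and not OpenSSH's own code: a simplified Python re-implementation of the hashed name format (`|1|salt|HMAC-SHA1`), showing how a mixed file can be hashed after the fact and why removing an entry requires knowing the host name. The function names, host names and key strings are constructed for illustration; comment lines, markers and wildcard patterns are assumed absent.

```python
import base64, hashlib, hmac, os

def hash_host(host, salt=None):
    """Return a hashed name field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    salt = salt or os.urandom(20)
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(mac).decode())

def name_matches(field, host):
    """True if a known_hosts name field, hashed or plain, names this host."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")  # plain field; wildcard patterns not handled

def hash_all(lines):
    """Hash every plain name, one output line per name; hashed lines pass through."""
    out = []
    for line in lines:
        names, rest = line.split(None, 1)
        if names.startswith("|1|"):
            out.append(line)
        else:
            out.extend(hash_host(n) + " " + rest for n in names.split(","))
    return out

def remove_host(lines, host):
    """Drop every line whose name field matches host; the name must be known."""
    return [l for l in lines if not name_matches(l.split(None, 1)[0], host)]

# Constructed sample: one plain two-name entry, one already hashed (keys are placeholders).
SAMPLE = [
    "alpha.example.org,192.0.2.10 ssh-ed25519 AAAAC3-CONSTRUCTED-KEY-1",
    hash_host("beta.example.org") + " ssh-ed25519 AAAAC3-CONSTRUCTED-KEY-2",
]

if __name__ == "__main__":
    hashed = hash_all(SAMPLE)
    print("\n".join(hashed))
    print(len(remove_host(hashed, "beta.example.org")), "entries left")
```

Because each entry carries its own random salt, two entries for the same host do not share a hash, so matching always means recomputing the HMAC for a candidate name against every line.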