
Re: HashKnownHosts



* Colin Watson:

> That's true. You can add them by hand without hashing the host name (and
> use 'ssh-keygen -H' afterwards if you like); known_hosts may contain a
> mix of hashed and unhashed host names.
>
> Is this a feature you would use often?

It might be practical for those of us who copy SSH host keys from
trusted sources (IOW nobody).  Probably it's okay to list the host in
an unhashed form in this case, provided that this feature doesn't go
away.

>> and it does not allow removal of all entries with a specific hash.
>
> If you know the host name, 'ssh-keygen -R' will do that. If you don't, I
> am curious as to the use case.

Sorry, I didn't write what I meant.  I've got some host name and want
to remove all lines which point to the same logical host (with the
same public key).  Sometimes it's necessary to sanitize the
known-hosts file (because the hosts still can be recovered using a
dictionary attack, or based on the stored public key).
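
The cleanup described in the message above, as an added example that is not part of the original post or of OpenSSH: it finds the entries naming a host (plain or hashed), then drops every line carrying the same public key, including hashed aliases whose names are not known. Function names and sample entries are constructed; plain names are matched exactly, with no pattern or `[host]:port` handling.

```python
import base64, hashlib, hmac

def hash_host(host, salt):
    """Hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def field_matches(field, host):
    """True if the first known_hosts field names `host`, hashed or plain."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, base64.b64decode(mac_b64))
    return host in field.split(",")

def parse(line):
    """Return (hosts_field, (keytype, key)) or None for blanks, comments, @markers."""
    parts = line.split()
    if len(parts) < 3 or parts[0].startswith(("#", "@")):
        return None
    return parts[0], (parts[1], parts[2])

def remove_logical_host(lines, host):
    """Drop every line whose key is also used by an entry naming `host`."""
    entries = [(line, parse(line)) for line in lines]
    keys = {p[1] for _, p in entries if p and field_matches(p[0], host)}
    return [line for line, p in entries if not (p and p[1] in keys)]

# Constructed sample data: placeholder keys, documentation names and addresses.
KEY_A, KEY_B = "AAAA_constructed_key_A", "AAAA_constructed_key_B"
SAMPLE = [
    "# constructed known_hosts sample",
    hash_host("gw.example.org", b"constructed-salt-001") + " ssh-ed25519 " + KEY_A,
    hash_host("192.0.2.10", b"constructed-salt-002") + " ssh-ed25519 " + KEY_A,
    "other.example.org ssh-ed25519 " + KEY_B,
]

if __name__ == "__main__":
    for line in remove_logical_host(SAMPLE, "gw.example.org"):
        print(line)
```
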


