Bug#438654: openssh-client: please be consistent for HashKnownHosts
Package: openssh-client
Version: 1:4.6p1-5
Severity: minor
Hello,
`man ssh_config` says HashKnownHosts is "no" by default:
=====
HashKnownHosts
Indicates that ssh(1) should hash host names and addresses when
they are added to ~/.ssh/known_hosts. These hashed names may be
used normally by ssh(1) and sshd(8), but they do not reveal
identifying information should the file’s contents be disclosed.
The default is “no”. Note that existing names and addresses in
known hosts files will not be converted automatically, but may be
manually hashed using ssh-keygen(1). Use of this option may break
facil‐ ities such as tab-completion that rely on being able to read
unhashed host names from ~/.ssh/known_hosts.
=====
But in Debian HashKnownHosts is "yes" by default (debian/changelog):
=====
openssh (1:4.0p1-1) experimental; urgency=low
[...]
* Enable HashKnownHosts by default. This only affects new entries;
use 'ssh-keygen -H' to convert an entire known_hosts file to
hashed format.
[...]
-- Colin Watson <cjwatson@debian.org> Thu, 26 May 2005 11:23:18 +0100
=====
IMHO even if the manpage is the upstream one, it should be consistent
with the Debian behavior, thus stating that by default is "yes". Or,
at least, a note should be added in README.Debian, especially because
the debian/changelog entry is becoming old.
Thx, bye,
Gismo / Luca
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.22-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssh-client depends on:
ii adduser 3.104 add and remove users and groups
ii debconf [debconf-2.0] 1.5.14 Debian configuration management sy
ii dpkg 1.14.5 package maintenance system for Deb
ii libc6 2.6.1-1 GNU C Library: Shared libraries
ii libcomerr2 1.40.2-1 common error description library
ii libedit2 2.9.cvs.20050518-4 BSD editline and history libraries
ii libkrb53 1.6.dfsg.1-6 MIT Kerberos runtime libraries
ii libncurses5 5.6+20070812-1 Shared libraries for terminal hand
ii libssl0.9.8 0.9.8e-6 SSL shared libraries
ii passwd 1:4.0.18.1-11 change and administer password and
ii zlib1g 1:1.2.3.3.dfsg-5 compression library - runtime
openssh-client recommends no packages.
-- no debconf information
Reply to: