
Re: Problem with SSH host keys



On Tue, Sep 23, 2014 at 03:59:56PM -0700, Don Armstrong wrote:
> On Tue, 23 Sep 2014, Keith Lawson wrote:
> > On Tue, Sep 23, 2014 at 01:26:36PM -0700, Don Armstrong wrote:
> > > Do you have all of the IP addresses and hostnames listed for those keys in
> > > known_hosts?
> > 
> > These are all servers I've been connecting to for years so I should
> > have their IP and host keys.
> 
> Because the entries in known_hosts are hashed by default, it's not
> trivial to determine this.
> 
> If you've changed DNS resolution slightly, or if they now reverse to
> different names, or you now can connect via IPv6, or the IP addresses
> have changed, you will see this warning.
> 
> This is one of the reasons why I (and Debian itself) don't use hashed
> known hosts for machines.

Another good reason not to hash the known_hosts file: bash command
completion - after "ssh" or "scp" the bash command completion will use
~/.ssh/known_hosts to suggest/complete hosts. Brilliant stuff.

-- 
Karl E. Jorgensen
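
The hashed-entry check discussed in this thread, as an added example that is not part of the original message: a hashed known_hosts host field has the form `|1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=name))`, so each candidate name or address has to be tested against each line's salt. The sample file, salts, key placeholder and host names below are constructed; `ssh-keygen -F <name>` performs the same lookup against a real file.

```python
import base64, hashlib, hmac

def hash_host(name: str, salt: bytes) -> str:
    """Build a hashed host field the way HashKnownHosts stores it."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def entry_matches(host_field: str, name: str) -> bool:
    """True if `name` is covered by the first field of a known_hosts line."""
    if host_field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = host_field.split("|")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(mac_b64)
        actual = hmac.new(salt, name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)
    # Unhashed entry: comma-separated names (wildcard patterns not handled here).
    return name in host_field.split(",")

def names_on_file(known_hosts_text: str, candidates):
    """Map each candidate name/address to the line numbers that record it."""
    found = {c: [] for c in candidates}
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):      # @cert-authority / @revoked marker
            fields = fields[1:]
        for c in candidates:
            if entry_matches(fields[0], c):
                found[c].append(lineno)
    return found

# Constructed sample: two hashed entries and one plain entry.
KEY = "ssh-ed25519 AAAA_CONSTRUCTED_PLACEHOLDER_KEY"
SAMPLE = "\n".join([
    hash_host("server1.example.org", b"constructed-salt-001") + " " + KEY,
    hash_host("192.0.2.10", b"constructed-salt-002") + " " + KEY,
    "server2.example.org,192.0.2.20 " + KEY,
])

if __name__ == "__main__":
    # The short name and the IPv6 address were never recorded, so connecting
    # by either one would look like a new host even though the server is known.
    names = ["server1.example.org", "server1", "192.0.2.10", "2001:db8::10"]
    for name, lines in names_on_file(SAMPLE, names).items():
        print(name, "->", lines or "not recorded")
```
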

