Re: ssh, where do the host come from
On Fri, 16 May 2025, tomas@tuxteam.de wrote:
> On Fri, May 16, 2025 at 06:32:16PM +0000, fxkl47BF@protonmail.com wrote:
>> On Fri, 16 May 2025, tomas@tuxteam.de wrote:
>
> [...]
>
>>> There is an (sshd, I think) option to change that.
>>
>> i see
>>
>> Alternately, hostnames may be stored in a hashed form which hides host names and addresses should the file's contents be disclosed. Hashed hostnames start with a ‘|’ character. Only one hashed hostname may appear on a single line and none of the above negation or wildcard operators may be applied.
>>
>> i don't see how to change it
>
> Ah, no, sorry. I lied to you, it's in the ssh_config (/etc/ssh/ssh_config).
> Here's the extract from man ssh_config:
>
> HashKnownHosts
> Indicates that ssh(1) should hash host names and addresses
> when they are added to ~/.ssh/known_hosts.
> These hashed names may be used normally by ssh(1) and
> sshd(8), but they do not visually reveal identifying
> information if the file's contents are disclosed.
> The default is no. Note that existing names and addresses
> in known hosts files will not be converted
> automatically, but may be manually hashed using
> ssh-keygen(1). Use of this option may break facilities
> such as tab-completion that rely on being able
> to read unhashed host names from ~/.ssh/known_hosts.
>
> ...and the default in Debian is:
>
> tomas@caliban:~$ grep -i hash /etc/ssh/ssh_config
> HashKnownHosts yes
>
> ...so there you are :)
thanks
i understand the no host hash in an industrial setting
but in a home network it seems unnecessary
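
How a host name is matched against the hashed form quoted above, as an added example that is not part of the original thread and not OpenSSH's own code. It assumes the `|1|salt|hash` field layout (both parts base64, hash = HMAC-SHA1 of the host name keyed with the salt); the host names and key blobs are constructed placeholders.

```python
import base64, hashlib, hmac, os

def hash_host(host, salt=None):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    salt = os.urandom(20) if salt is None else salt
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if `host` matches one known_hosts host field (hashed or plain)."""
    if field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt = base64.b64decode(salt_b64, validate=True)
            mac = base64.b64decode(mac_b64, validate=True)
        except ValueError:          # malformed field: wrong part count or bad base64
            return False
        expected = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, expected)
    # Plain form: comma-separated names (wildcards and negation not handled here).
    return host in field.split(",")

def find_host(known_hosts_text, host):
    """Return (line number, key type, is_hashed) for every entry matching `host`."""
    hits = []
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].startswith("@"):    # @cert-authority / @revoked marker
            parts = parts[1:]
        if len(parts) >= 2 and host_matches(parts[0], host):
            hits.append((n, parts[1], parts[0].startswith("|1|")))
    return hits

# Constructed sample file: one plain entry, one hashed entry, placeholder key blobs.
SAMPLE = "\n".join([
    "# constructed sample",
    "nas.home.example,192.0.2.10 ssh-ed25519 AAAA_PLACEHOLDER",
    hash_host("printer.home.example", salt=b"\x01" * 20) + " ssh-ed25519 AAAA_PLACEHOLDER",
])

if __name__ == "__main__":
    for name in ("nas.home.example", "printer.home.example", "unknown.example"):
        print(name, find_host(SAMPLE, name))
```

On a real file, `ssh-keygen -F hostname` performs this lookup and `ssh-keygen -H` converts existing plain entries to the hashed form.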