Re: SSH Option files using hashes instead of hostnames?



On Sun, Jun 27, 2010 at 05:08:14PM -0400, Dan Mahoney, System Admin wrote:
> SSH allows the option of hashing the known-hosts file in order to prevent
> people who get access to your account being able to jump other places. Is
> it not conceivable that they'd want the same option with their options
> file?

It doesn't make sense. The point of a hash (at least in this context)
is that you cannot reverse it to get the original data back. When ssh is
connecting to a host, it has the hostname available, because you typed
it on the command line. It can hash the hostname, and then look up the
hash in the known_hosts file.

This doesn't apply to options. The ssh client would have to have the
option already, so it could hash it and look for the hash in the file,
to see whether it should have the option. As I said, it's nonsense.
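
Added example, not part of the original message: a Python sketch of the lookup described above, using the hashed host field layout OpenSSH writes with HashKnownHosts, `|1|base64(salt)|base64(HMAC-SHA1(salt, hostname))`. The host names, key strings and the fixed salt are constructed sample values, and plain entries are compared literally (no wildcard or marker handling).

```python
import base64
import hashlib
import hmac

MAGIC = "|1|"  # prefix OpenSSH writes before a hashed host field


def hash_host(hostname, salt):
    """Build |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return MAGIC + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def host_matches(field, hostname):
    """True if a known_hosts host field matches the name the user typed."""
    if not field.startswith(MAGIC):
        return hostname in field.split(",")  # plain entry, literal compare only
    try:
        salt_b64, mac_b64 = field[len(MAGIC):].split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        stored = base64.b64decode(mac_b64, validate=True)
    except ValueError:  # malformed field: wrong part count or bad base64
        return False
    # The file never yields the name; we can only re-hash a name we already
    # have, using the salt stored on that line, and compare the results.
    candidate = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(stored, candidate)


def find_entries(known_hosts_text, hostname):
    """Return (keytype, key) pairs from the lines that match hostname."""
    hits = []
    for line in known_hosts_text.splitlines():
        fields = line.strip().split(None, 2)
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # blank, comment, marker or incomplete line
        if host_matches(fields[0], hostname):
            hits.append((fields[1], fields[2]))
    return hits


# Constructed sample file: one hashed entry and one plain entry.
SAMPLE = "\n".join([
    hash_host("gateway.example.org", b"constructed-salt-20b") + " ssh-ed25519 CONSTRUCTED-KEY-1",
    "build.example.org ssh-rsa CONSTRUCTED-KEY-2",
])
```

Nothing in the hashed line can be turned back into `gateway.example.org`; a match is only possible for a name supplied from outside the file, which is the one input an options lookup would not have.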