Re: SSH Option files using hashes instead of hostnames?



On Mon, Jun 28, 2010 at 09:32:06PM -0400, Dan Mahoney, System Admin wrote:
> On Mon, 28 Jun 2010, Greg Wooledge wrote:
>> It doesn't make sense. The point of a hash (at least in this context)
>> is that you cannot reverse it to get the original data back.
>
> The point of the hash is that if someone has compromised my account (via
> brute force, keyboard surfing, evil sysadmin, whatever), and whatever else
> it contains (trusted keys, kerberos credentials, etc), they could look in
> my known_hosts file and see what other hosts they could log into.

You're discussing what you desire as an outcome. That's great. It's
a perfectly reasonable thing to want.

The problem is that it's not possible.

> # Server in guam is on overloaded DSL link
> Host slowpoke
> HostName slowpoke.secure.server.ad.company.com
> ConnectTimeout 600
> User admin

Hashes are one-way. You can turn data into a hash, but you can't turn
a hash back into data.

> But compare this with
>
> HostnameHash |1|JYh/HiqdBkaEKeg0KrS9cHncJRI=|Qc2hMsrOMpReJLyOxwmps3nnb0k=
> ConnectTimeout 600
> User admin

There is no way to translate the hash into the string
"slowpoke.secure.server.ad.company.com". If you had typed the string
"slowpoke.secure.server.ad.company.com" on the command line, then the
ssh client could hash it and compare that to what's in your options
file. But if you only typed "slowpoke" on the command line, then the
client can't even look up the canonical FQDN from that.
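
Added example, not part of the original message: a Python sketch of the `|1|salt|hash` token format that OpenSSH's HashKnownHosts writes to known_hosts (base64 salt, then base64 HMAC-SHA1 of the host name keyed with that salt). It shows the point made above: a typed name can be hashed and compared against a stored token, but a short alias never matches and the token cannot be turned back into a name. The salt is constructed for the example, the function names are hypothetical, and `HostnameHash` remains the option proposed in the thread, not a real ssh_config keyword.

```python
import base64
import hashlib
import hmac

# Constructed sample data: a fixed 20-byte salt (ssh uses random bytes).
SALT = bytes(range(20))
FQDN = "slowpoke.secure.server.ad.company.com"   # host name from the thread


def hash_host(hostname: str, salt: bytes) -> str:
    """Return |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=hostname))."""
    digest = hmac.new(salt, hostname.encode("ascii"), hashlib.sha1).digest()
    return "|1|{}|{}".format(
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(digest).decode("ascii"),
    )


def matches(token: str, typed_name: str) -> bool:
    """Hash the name the user typed with the token's salt and compare."""
    parts = token.split("|")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "1":
        raise ValueError("not a |1|salt|hash token")
    salt = base64.b64decode(parts[2], validate=True)
    want = base64.b64decode(parts[3], validate=True)
    got = hmac.new(salt, typed_name.encode("ascii"), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)


def lookup(tokens, typed_name):
    """Index of the first token that matches typed_name, or None."""
    for i, token in enumerate(tokens):
        if matches(token, typed_name):
            return i
    return None


TOKEN = hash_host(FQDN, SALT)

if __name__ == "__main__":
    print(TOKEN)
    print("typed FQDN matches: ", matches(TOKEN, FQDN))
    print("typed alias matches:", matches(TOKEN, "slowpoke"))
```

The only way to learn which name a token stands for is to guess candidate names and hash each one, which is what `lookup` does for a single typed name.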


