Re: Format of host keys in ~/.ssh/known_hosts



On 2010-02-07, unruh <unruh@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
On 2010-02-07, Ignoramus3837 <ignoramus3837@xxxxxxxxxxxxxxxxxxx> wrote:
On 2010-02-07, unruh <unruh@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
On 2010-02-07, Russell Hoover <rj@xxxxxxxxx> wrote:
On Sun, 07 Feb 2010 05:57:34 GMT, unruh <unruh@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
On 2010-02-07, unruh <unruh@xxxxxxxxxxxxxxxxxxxxxxx> wrote:
SSH_KNOWN_HOSTS FILE FORMAT
That is a hashed host name, there so that if that file is comprimized
the person does not know which host it refers to.

HashKnownHosts yes
in /etc/ssh/ssh_config
which tells it to hash the hostname. REmove that and get human readable
hostnames.

I'm all for these things being there for the paranoid, but having it as the
default in /etc/ssh/ssh_config doesn't quite make sense to me. I want to
be able to look at my own known_hosts file and know what's there so it
doesn't become a big unweildy mess.

It is your distribution which, I believe, made it the default. Certainly
the stock ssh default has been to have this as no. What distro are you using?

Hashing ssh keys is DEFINITELY the way to go, despite the
inconveniences.

Otherwise it would be possible to write an "ssh virus". Iif it
compromises an account, it would look at authorized keys, guess what
other accounts to try compromising with the keys from a given host,
and keep going.

Yes, we got hit by precisely such an attack (on root moreover-- don't
ask how, except that the "advice" that authorized_keys logins are safer
than password logins for root is misplaced under this attack.)

I can imagine. Sorry to hear this. The moral, of course, is to guard
all authorized keys as well as one would guard passwords. A good
reminder.



I did a write up about an SSH virus a couple years ago.

So, yes, it is a hassle, but nothing else is acceptable.

sure it is. Note that if it is a root attack, then all games are up
anyway. All the key files are open now.


Yep, once the virus gets root, it can then get all keys from
/home/*/.ssh/*.key and add them to the pool of keys. Whereas if the
virus gets to only one account, it can only gets its keys. It is very
effective.

I still believe in passwordless root logins, but I try to be mindful
of who exactly can get to the keys.

i
.