Format der .ssh/known_hosts unter Ubuntu
Ulf Rompe
Ulf.Rompe at icem.com
Fre Jun 8 10:39:46 BST 2007
Am Donnerstag, den 07.06.2007, 22:24 +0200 schrieb Johannes Kastl:
> unter Ubuntu ist das Format der ~/.ssh/known_hosts irgendwie anders, statt
>
> 192.168.0.1 ssh-rsa ....
>
> steht da was ganz wirres.
>
> Woran liegt das? Wie ändere ich das? Und: Wie hätte ich das
> herausfinden können? Ich wüsste im Moment nicht mal wo ich anfangen
> sollte zu suchen...
In /usr/share/doc/openssh-client/changelog.Debian.gz steht unter
anderem:
* New upstream release.
[...]
- ssh and ssh-keyscan now support hashing of known_hosts files for
improved privacy (CAN-2005-2666). ssh-keygen has new options for
managing known_hosts files, which understand hashing.
[...]
* Enable HashKnownHosts by default. This only affects new entries; use
'ssh-keygen -H' to convert an entire known_hosts file to hashed format.
In `man ssh_config' findet sich dann:
HashKnownHosts
Indicates that ssh should hash host names and addresses when they
are added to ~/.ssh/known_hosts. These hashed names may be used
normally by ssh and sshd, but they do not reveal identifying
information should the file’s contents be disclosed. The default
is “no”. Note that hashing of names and addresses will not be
retrospectively applied to existing known hosts files, but these
may be manually hashed using ssh-keygen(1).
Generell ist das eine gute Sache, und Du solltest gründlich überlegen,
ob Du es wirklich abschalten willst. Falls Du es dann immer noch willst,
kannst Du diese Option in ~/.ssh/config ändern.
[x] ulf
--
Rome did not create a great empire by having meetings,
they did it by killing all those who opposed them.