OpenSSH 3.9 not hashing known_hosts
Lee Colleton
lee.colleton at gmail.com
Fri May 20 17:19:10 UTC 2005
I read in Bruce Schneier's excellent security [0]bulletin about the
potential for "Address Harvesting " from the known_hosts file. There
is a more detailed review of the problem along with some tools and
recommendations posted at [1]MIT.
Openssh 3.9 as packaged with Hoary does not allow hashing of the
known_hosts file AFAIK. OpenSSH 4.0 incorporates the capability but
it is turned off by default. Will the Ubuntu project support and
document this change to SSH? What's the plan?
Curiously yours,
Lee Colleton
[0] http://www.schneier.com/blog/archives/2005/05/the_potential_f.html
[1] http://nms.csail.mit.edu/projects/ssh/
More information about the ubuntu-users
mailing list