/.ssh/known_hosts ownership
NoOp
glgxg at sbcglobal.net
Thu May 22 17:08:58 UTC 2008
On 05/21/2008 10:03 PM, Smoot Carl-Mitchell wrote:
> On Wed, 2008-05-21 at 19:49 -0700, NoOp wrote:
>> My question: is resetting /.ssh/known_hosts to user vs root a security
>> issue?
>
> No it is not. It should be owned by your user id. known_hosts stores
> the host keys collected from remote servers. If the remote key changed,
> it may mean the remote server has been compromised or a person in the
> middle attack is underway. In most cases the host key has changed
> because it has been regenerated on the remote system. For the truly
> paranoid it is a useful check. Some admins require the know_host key to
> match before allowing an SSH connection. This is handled by the
> StrictHostKeyChecking keyword. When set to "yes", it requires you to add
> remote host keys manually.
Thanks. I appreciate the confirmation & added info.
More information about the ubuntu-users
mailing list