Martin McCormick wrote: > I recently needed to clear out some old entries from the > .ssh/known_hosts file on a Debian system and discovered that I > couldn't tell which system key was which because they were all > type rsa keys instead of the type DSA keys which do contain a > field with either the host name or its IP address. > > Is there a way in Linux to make ssh get the type DSA host keys? > I presently see the following message when adding a new host to > known_hosts: > > Warning: Permanently added 'remote.host.okstate.edu,192.168.8.9' (RSA) > to the list of known hosts. > > When a FreeBSD system connects to a Debian host as an > example, it automatically knows to add the dsa host key. > > This is no show stopper by any means, but why is this > happening? Thanks. >
Not dependant on RSA vs DSA, but the value HashKnownHosts in /etc/ssh/ssh_config man ssh_config HashKnownHosts Indicates that ssh(1) should hash host names and addresses when they are added to ~/.ssh/known_hosts. These hashed names may be used normally by ssh(1) and sshd(8), but they do not reveal identifying information should the file's contents be disclosed. The default is ``no''. Note that existing names and addresses in known hosts files will not be converted automatically, but may be manually hashed using ssh-keygen(1). HTH, -- Jim Barnes -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
