Tor Arntsen <t...@spacetec.no> writes:

> On Wed, May 6, 2009 at 11:54, Daniel Stenberg <dan...@haxx.se> wrote:
>
>> Now, this seems to be a description of the known_hosts file currently in use
>> by openssh: http://nms.lcs.mit.edu/projects/ssh/README.hashed-hosts
>>
>> IOW, they no longer store the host name in the plain, but only as a sha-1
>> hash with a 64bit salt. This will have some impact on how we can do the
>> host + key pairs and check for existing keys.
>
> Hashed or not is a configurable option in openssh (HashKnownHosts no/yes).
> I always turn off hashing because I don't see how I could handle cases
> where the known host updates its key (because I have e.g. reinstalled
> its OS or something). There doesn't seem to be an ssh option to
> override it, and with hashing on I would have to delete the entire
> known_hosts file every time, afaic. With hashing off I just vi the
> file, a quick search, and kill the line.

You don't have to delete the entire file; the error message you get on a
host key mismatch contains the line number in known_hosts. You just
have to remove that line on host OS reinstall (plus the line for the IP
address, but the line number for that is also printed).

The reason for hashed known_hosts is automated bots that iterate
through the list to see if they can log in automatically. Without the
hostname in the clear, the bot doesn't know as easily which hosts the
user logs in to.

/Simon

_______________________________________________
libssh2-devel mailing list
libssh2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libssh2-devel
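
Finding which known_hosts lines belong to a host when the names are hashed, as an added example that is not part of the original thread or of libssh2's code. It assumes OpenSSH's hashed host field layout, `|1|base64(salt)|base64(HMAC-SHA1 keyed with the salt, over the host name)`; the function names, salt, host names, addresses and key blobs are constructed for illustration.

```python
import base64
import hashlib
import hmac

HASH_MAGIC = "|1|"  # prefix OpenSSH puts on a hashed host field

def hash_host(host, salt):
    """Return |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    b64 = lambda raw: base64.b64encode(raw).decode()
    return HASH_MAGIC + b64(salt) + "|" + b64(mac)

def field_matches(field, host):
    """True if one known_hosts host field (hashed or plain) names host."""
    if not field.startswith(HASH_MAGIC):
        # Plain entry: comma-separated names; wildcard patterns not handled.
        return host in field.split(",")
    try:
        salt_b64, mac_b64 = field[len(HASH_MAGIC):].split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        want = base64.b64decode(mac_b64, validate=True)
    except ValueError:  # malformed hashed entry never matches
        return False
    # The name cannot be read back; a candidate is re-hashed with the stored salt.
    got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)

def find_host_lines(known_hosts_text, host):
    """Return the 1-based line numbers whose host field matches host."""
    hits = []
    for lineno, line in enumerate(known_hosts_text.splitlines(), start=1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if field_matches(fields[0], host):
            hits.append(lineno)
    return hits

# Constructed sample: salt, host names, addresses and key blobs are made up.
SALT = bytes(range(20))
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    hash_host("build.example.org", SALT) + " ssh-rsa AAAAconstructedkey1",
    hash_host("192.0.2.10", SALT) + " ssh-rsa AAAAconstructedkey1",
    "plain.example.org,192.0.2.20 ssh-rsa AAAAconstructedkey2",
])

print(find_host_lines(SAMPLE, "build.example.org"))
print(find_host_lines(SAMPLE, "192.0.2.10"))
```

The host name and its IP address sit on separate hashed lines, so a key change means locating and removing both.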