|[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]|
On Mon, 28 Jun 2010, Greg Wooledge wrote:
On Sun, Jun 27, 2010 at 05:08:14PM -0400, Dan Mahoney, System Admin wrote:SSH allows the option of hashing the known-hosts file in order to prevent people who get access to your account being able to jump other places. Is is not conceivable that they'd want the same option with their options file?It doesn't make sense. The point of a hash (at least in this context) is that you cannot reverse it to get the original data back. When ssh is connecting to a host, it has the hostname available, because you typed it on the command line. It can hash the hostname, and then look up the hash in the known_hosts file.
What? I think you're not understanding this, then.The point of the hash is that if, someone has compromised my account (via brute force, keyboard surfing, evil sysadmin, whatever, and whatever else it contains (trusted keys, kerberos credentials, etc), they could look in my known_hosts file and see what other hosts they could log into.
Now, assume I have that file hashed, but sitting in my ~/.ssh/config file, I have:
# Server in guam is on overloaded DSL link Host slowpoke HostName slowpoke.secure.server.ad.company.com ConnectTimeout 600 User adminWell, there you go. Have fun. Even without the username, assume I have to have other options in there like for port-forwards, or the like.
Now, keeping information in known_hosts is automatic and mostly mandatory, and config files like this are optional. I recognize that.
But compare this with HostnameHash |1|JYh/HiqdBkaEKeg0KrS9cHncJRI=|Qc2hMsrOMpReJLyOxwmps3nnb0k= ConnectTimeout 600 User admin(Assume that the lookup of the hash was done AFTER resolving the FQDN in dns, like I said).
Yes, you can confirm that that host is also present in my known-hosts, but you cannot log into it.
For the purposes of this discussion we'll assume I have shell-history turned off.
This doesn't apply to options. The ssh client would have to have the option already, so it could hash it and look for the hash in the file, to see whether it should have the option. As I said, it's nonsense.
Actually, you hadn't said that.Yes, I recognize this is a corner-case, but other than saying it's "nonsense" please tell me this would be less secure, and please feel free to tell me there's no use-case for it.
-Dan -- --------Dan Mahoney-------- Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org ---------------------------
[Home] [Fedora Users] [Fedora Legacy] [Fedora Desktop] [Yosemite Photos] [Yosemite News] [Yosemite Campsites] [KDE Users] [Gnome Users]