OpenSSH & zsh misfeature

For a while, I’ve been using a little trick that I found on the zsh wiki (CompletionExamples) to automatically turn my known_hosts file into a set of host names. Unfortunately, the latest Ubuntu upgrade has turned on a new feature of OpenSSH, HashKnownHosts (detailed in ssh_config(5)). This breaks the parsing because the host names are now stored in the known_hosts file as hashes rather than in plain text.

The simple workaround, in my case, was to stick HashKnownHosts no into /etc/ssh/ssh_config. And now everything’s back to normal.

Update: As Aristotle points out below, this is definitely a trade-off of security vs convenience. Don’t do it if you’re not happy with the consequences.
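To make the parsing problem concrete, here is an added example (not the zsh wiki snippet and not code from this post) that pulls completion candidates out of known_hosts text and shows what a hashed entry looks like to such a parser. It relies on the documented hashed format, `|1|base64(salt)|base64(HMAC-SHA1(salt, hostname))`; the function names, host names, salt and key blobs are all made up for the example.

```python
import base64, hashlib, hmac

def hash_host(host, salt):
    """Build a HashKnownHosts-style field: |1|b64(salt)|b64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def hashed_field_matches(field, host):
    """True if a hashed host field was derived from `host` (what `ssh-keygen -F host` checks)."""
    _, magic, salt_b64, mac_b64 = field.split("|")
    if magic != "1":
        return False
    mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(mac, base64.b64decode(mac_b64))

def completion_hosts(text):
    """Return (sorted plain host names, count of hashed entries) from known_hosts text."""
    names, hashed = set(), 0
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):          # @cert-authority / @revoked marker
            fields = fields[1:]
            if not fields:
                continue
        if fields[0].startswith("|1|"):        # hashed: nothing to offer as a completion
            hashed += 1
            continue
        for h in fields[0].split(","):
            if h.startswith("[") and "]:" in h:    # [host]:port form
                h = h[1:h.index("]:")]
            if h and not any(c in h for c in "*?!"):   # skip wildcard/negated patterns
                names.add(h)
    return sorted(names), hashed

# Constructed sample input: every value below is invented for this example.
SALT = bytes(range(20))
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    "alpha.example.org,192.0.2.10 ssh-ed25519 AAAAC3Constructed",
    "[beta.example.org]:2222 ssh-rsa AAAAB3Constructed",
    "*.internal.example.org ssh-rsa AAAAB3Constructed",
    hash_host("gamma.example.org", SALT) + " ssh-ed25519 AAAAC3Constructed",
])

if __name__ == "__main__":
    print(completion_hosts(SAMPLE))
```

With hashing on, every line looks like the last sample entry, so a completion function has no names to list, while a lookup for a host you already know still works.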

Comments 2

  1. Aristotle Pagaltzis wrote:

    You understand why this was implemented, right? It’s so if a cracker breaks into a system, he cannot mine the known_hosts files on it to discover additional targets. Turn it off only if you know the implications.

    Posted 22 Oct 2005 at 02:11
  2. Dominic Mitchell wrote:

    I’m aware of why it’s like that. It’s just very inconvenient from my day-to-day usability. I’m aware that I’m making a trade-off of security vs convenience. I shall point that out.

    Posted 22 Oct 2005 at 07:45