For a while, I’ve been using a little trick that I found on the zsh wiki (CompletionExamples) to automatically turn my known_hosts file into a set of host names. Unfortunately, the latest Ubuntu upgrade has turned on a new feature of OpenSSH, HashKnownHosts (detailed in ssh_config(5)). Unfortunately, this breaks the parsing because the hostnames are no longer stored in the known_hosts file.
The simple workaround, in my case, was to stick HashKnownHosts no into /etc/ssh/ssh_config. And now everything’s back to normal.
Update: As Aristotle points out below, this is definitely a trade off of security vs convenience. Don’t do it if you’re not happy with the consequences.
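Why the completion parsing breaks, as an added example that is not part of the original post: with HashKnownHosts on, the host field becomes |1|salt|HMAC-SHA1(salt, hostname), so a parser can no longer list names, although a single known name can still be checked (the lookup ssh-keygen -F performs). The function names, host names and key placeholders below are constructed for illustration.

```python
import base64
import hashlib
import hmac


def hash_host(host, salt):
    """Build a hashed host field: |1|base64(salt)|base64(HMAC-SHA1(salt, host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


def plain_hosts(lines):
    """Names a completion parser can still recover: unhashed entries only."""
    hosts = set()
    for line in lines:
        fields = line.split()
        if fields and fields[0].startswith("@"):  # @cert-authority / @revoked marker
            fields = fields[1:]
        if not fields or fields[0].startswith(("#", "|1|")):
            continue  # comment, or hashed entry with no readable name
        hosts.update(fields[0].split(","))
    return sorted(hosts)


def matches(host, line):
    """Check one candidate name against a single known_hosts entry."""
    field = line.split()[0]
    if not field.startswith("|1|"):
        return host in field.split(",")
    _, _, salt_b64, mac_b64 = field.split("|")
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(mac_b64)
    actual = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(actual, expected)


# Constructed sample: one plain entry, one hashed entry (keys are placeholders).
SALT = bytes(range(20))
SAMPLE = [
    "# constructed known_hosts sample",
    "build.example.org,192.0.2.10 ssh-ed25519 AAAAC3PLACEHOLDERKEY",
    hash_host("db.example.org", SALT) + " ssh-ed25519 AAAAC3PLACEHOLDERKEY",
]

if __name__ == "__main__":
    print(plain_hosts(SAMPLE))                    # only the unhashed entry's names
    print(matches("db.example.org", SAMPLE[2]))   # known name still verifies
```

The hashed entry contributes nothing to the completion list, which is the breakage described above, while a name the user already knows still verifies against it.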
Comments 2
You understand why this was implemented, right? It’s so if a cracker breaks into a system, he cannot mine the known_hosts files on it to discover additional targets. Turn it off only if you know the implications.
Posted 22 Oct 2005 at 2:11 am
I’m aware of why it’s like that. It’s just very inconvenient from my day-to-day usability. I’m aware that I’m making a trade off of security vs convenience. I shall point that out.
Posted 22 Oct 2005 at 7:45 am