OpenSSH & zsh misfeature

For a while, I’ve been using a little trick that I found on the zsh wiki (CompletionExamples) to automatically turn my known_hosts file into a set of host names. Unfortunately, the latest Ubuntu upgrade has turned on a new feature of OpenSSH, HashKnownHosts (detailed in ssh_config(5)). Unfortunately, this breaks the parsing because the hostnames are no longer stored in the known_hosts file.

The simple workaround, in my case, was to stick HashKnownHosts no into /etc/ssh/ssh_config. And now everything’s back to normal.

Update: As Aristotle points out below, this is definitely a trade off of security vs convenience. Don’t do it if you’re not happy with the consequences.

2 replies on “OpenSSH & zsh misfeature”

You understand why this was implemented, right? It’s so if a cracker breaks into a system, he cannot mine the known_hosts files on it to discover additional targets. Turn it off only if you know the implications.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s