Displaying 20 results from an estimated 4000 matches similar to: "known_hosts vulnerability?"
2005 Feb 03
2
I wonder if this uses Wine?
http://techworld.com/opsys/news/index.cfm?NewsID=3064
The fact that they talk about Notes (the client) rather than Domino
(the server) suggests that they may be running the Notes client (as I
and many others do) under Linux, and the only way I know of to do this
is to use Wine.
David
2020 Sep 29
12
Human readable .ssh/known_hosts?
Hi list members,
just tried to get some old records out of my known_hosts, which is 'HashKnownHosts yes'. Is there a way to unhash host names and/or IPs?
Google tells about, how to add hosts, but not the opposite, may be I miss some thing.
Is this does not work at all, is there a best practice for cleaning old hosts and keys out?
Thanks, Martin!
--
Martin
GnuPG Key Fingerprint, KeyID
2024 Feb 14
2
How to remove old entries from known_hosts?
Is there any way to remove old entries from the known_hosts file? With
the hashed 'names' one can't easily see which entries are which. I
have around 150 lines in my known hosts but in reality I only ssh to a
dozen or so systems. All the redundant ones are because I have a
mixed population of Raspberry Pis and such on my LAN and they get
rebuilt fairly frequently and thus, each time,
2005 Apr 21
11
[Bug 910] known_hosts port numbers
http://bugzilla.mindrot.org/show_bug.cgi?id=910
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |foomzilla at fuhm.net
------- Additional Comments From djm at mindrot.org 2005-04-21 18:16 -------
*** Bug 454 has been marked as a
2016 Apr 01
4
[Bug 2560] New: sshd: Description of hashed known_hosts file does not make sense and format is outdated
https://bugzilla.mindrot.org/show_bug.cgi?id=2560
Bug ID: 2560
Summary: sshd: Description of hashed known_hosts file does not
make sense and format is outdated
Product: Portable OpenSSH
Version: -current
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
2004 Sep 10
11
[Bug 910] known_hosts port numbers
http://bugzilla.mindrot.org/show_bug.cgi?id=910
mindrot at askneil.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mindrot at askneil.com
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the
2020 Oct 04
2
UpdateHostkeys now enabled by default
On Sun, Oct 04, 2020 at 09:24:12PM +1100, Damien Miller wrote:
> On Sun, 4 Oct 2020, Damien Miller wrote:
>
> > No - I think you've stumbled on a corner case I hadn't anticipated.
> > Does your configuration override CheckHostIP at all?
No.
> >
> > What are the known_hosts entries for the hostname and IP?
>
> Also, do you use HashKnownHosts? or do
2020 Oct 04
2
UpdateHostkeys now enabled by default
On Sun, 4 Oct 2020, Matthieu Herrb wrote:
> Hi,
>
> on OpenBSD-current I now get this when connecting to an existing
> machine for which I have both ecdsa an ed25519 keys in my existing
> known_hosts (but apparently ed25519 keys where added only for the name
> previsously by ssh):
>
> Warning: the ED25519 host key for 'freedom' differs from the key for
> the
2016 Dec 09
2
HashKnownHosts vs @cert-authority
Hi folks,
maybe I am too blind to see, but would it be possible to
avoid extra entries in known_hosts, if the remote host
has a signed public key matching a @cert-authority line?
Something like
Host *
HashKnownHosts unsigned
This could help to keep the known_hosts file small and
yet get all the unsigned public keys in.
Just a suggestion, of course. Regards
Harri
2024 Feb 17
1
How to remove old entries from known_hosts?
Brian Candler wrote:
> Chris Green wrote:
> > ... redundant ones are because I have a mixed population of
> > Raspberry Pis and such on my LAN and they get rebuilt fairly
> > frequently and thus, each time, get a new entry in known_hosts.
> ...many useful tips...
> To disable host key checking altogether for certain domains and/or networks,
> you can put this in
2010 Aug 20
1
[Feature Request] delete defined line in known_hosts file
Hi,
for a test lab, I'm trying to write a small shell script that will
eradicate all information regarding a special host from the
known_hosts file. Unfortunately, it is quite non-trivial to find out
what ssh doesn't like with a host.
ssh says which line in known_hosts has the offending key, but
ssh-keygen -R doesn't take a line number. Am I using an undocumented
interface when I
2005 Dec 10
2
known_hosts and multiple hosts through a NAT router
The .ssh/known_hosts table cannot handle reaching different sshd
servers behind a NAT router. The machines are selected by having
the SSHDs respond to differnt ports.
A second request would be to allow known_hosts checking solely on
the dns name, wildcarding the IP address. This would be useful
to avoid continuously warning the user every time you connect
to a machine with a changing IP address
2017 Jan 28
3
known_hosts question for Ubuntu Server 14.04 and 16.04 LTS
Hello & thanks for reading.
I'm having a problem configuring known_hosts from scripts so an accept
key yes/no prompt doesn't appear.
I'm using this command to detect if the server is known and add it to
known_hosts:
if ! ssh-keygen -F ${IP_ADDR} -f ~/.ssh/known_hosts > /dev/null 2>&1; t
hen ssh-keyscan -p ${PORT} ${IP_ADDR} >> ~/.ssh/known_hosts; fi
This works
2020 Sep 30
3
Human readable .ssh/known_hosts?
On Tue, 29 Sep 2020 at 23:16, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
[...]
> I gave up on $HOME/.ssh/known_hosts a *long* time ago, because if
> servers are DHCP distributed without static IP addresses they can wind
> up overlapping IP addresses with mismatched hostkeys
You can set CheckHostIP=no in your config. As long as the names don't
change it'll do what you
2003 Dec 18
2
known_hosts, IP, and port revisited
I dug through the list archives to see if this had come up before, and I
see that a bug <http://bugzilla.mindrot.org/show_bug.cgi?id=393> was
submitted and subsequently closed (basically rejected) in 2002.
The basic issue, for those of you who don't feel like following the bug
URL, is that when one has ssh servers behind a NAT, each of which responds
to a different port on the NAT IP,
2013 May 14
2
[Bug 1993] ssh tries to add keys to ~/.ssh/known_hosts though StrictHostKeyChecking yes is set
https://bugzilla.mindrot.org/show_bug.cgi?id=1993
alex at testcore.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |alex at testcore.net
Version|5.9p1 |6.2p1
--- Comment #1 from alex at testcore.net ---
Also
2013 Nov 11
4
[Bug 2169] New: command to remove outdated hostkey from known_hosts file wrong
https://bugzilla.mindrot.org/show_bug.cgi?id=2169
Bug ID: 2169
Summary: command to remove outdated hostkey from known_hosts
file wrong
Product: Portable OpenSSH
Version: 6.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: ssh
2020 Sep 30
2
Human readable .ssh/known_hosts?
On Tue, 29 Sep 2020, Nico Kadel-Garcia wrote:
> As I understand this option, it does not help at all with the nearly
> inevitable re-use of the same IP address for a different host with a
> different hostkey in, for example, a modest DHCP based environment.
> Such environments are common both in smaller, private networks and in
> large public networks, and it's perhaps
2010 Jun 02
1
known_hosts
Is there a good reason why known_hosts stores the address of the server
but not the port? This is annoying when one host is running more than
one instance of openssh with different ports and different keys, or
(less tractably) when a NAT in front of multiple hosts multiplexes
which host is connected to by port number. I see no immediate security
implication in fixing this, but am I missing
2023 Aug 18
1
Host key verification (known_hosts) with ProxyJump/ProxyCommand
On Fri, 18 Aug 2023 at 17:18, Stuart Longland VK4MSL <me at vk4msl.com> wrote:
> On 18/8/23 15:39, Darren Tucker wrote:
[...]
> > I think you just need "HostKeyAlias mytarget" here.
>
> Ahh, in my scanning through the `ssh_config` manpage, I missed this, and
> change logs seem to indicate this feature has been around since at least
> 2017, so should not cause