Bug 2638 - Allow known hosts to be stored hashed
Summary: Allow known hosts to be stored hashed
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Client (show other bugs)
Version: trunk
Hardware: PC Linux
: P2 Enhancement
Target Milestone: LowPrio
Assignee: Bugzilla mail exporter
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-01-21 09:41 CET by Erik Forsberg
Modified: 2022-06-07 12:39 CEST (History)
1 user (show)

See Also:
Acceptance Criteria:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Erik Forsberg cendio 2008-01-21 09:41:44 CET 
Nowadays, openssh stores the hostnames in ~/.ssh/known_hosts in a hashed form. If I understand correctly, this is to make it harder for an attacker that has gained access to the file to find out which other hosts might be easy to gain access to by trying to login with the same username/password etc. 

Our ssh doesn't use this format when storing keys. It probably should.
Comment 1 Pierre Ossman cendio 2021-07-22 15:58:34 CEST 
Note that this isn't enabled by default in OpenSSH so it is uncertain how popular this is. We've never had a customer request for it.
Comment 2 Samuel Mannehed cendio 2022-05-31 13:01:59 CEST 
This seems like it should be closed, moving to -- for discussion.
Comment 3 Pierre Ossman cendio 2022-06-07 12:39:35 CEST 
Although no one has this enabled by default, this is still a security feature, so this may be interesting for us even without explicit user requests. We should keep an eye on it and see how the rest of the ecosystem handles this feature.
Note You need to log in before you can comment on or make changes to this bug.