
Re: [ProgSoc] SSH keys problem



On Thu, 2006-05-18 at 15:11 +1000, jedd wrote:

>  I note that it generates two lines (with differing hostnames (well,
>  the bit before the ssh-rsa bit)) for every connection made,
>  which is weird in itself.

For _every_ connection? That's a little odd. What it's doing is storing
a salted hash of the host identifier, rather than a resolvable host
identifier (IP address, DNS name).

>  I've not heard of ssh servers encoding (or encrypting?) the
>  hostname .. what use is that, I wonder?

Worm containment. Prior to this, if a worm outbreak ever did occur,
every ssh installation would have a builtin list of "who to attack next"
in the form of the known_hosts file. By storing only a hash, host keys
can still be verified upon connection, but a (hypothetical) worm cannot
use the list for attack optimisation.

- Raz
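As an added illustration of the hashed known_hosts format Raz describes (this is example code, not something from the original thread or from OpenSSH itself): with HashKnownHosts the host field is written as `|1|<base64 salt>|<base64 HMAC-SHA1(salt, host)>`, the salt being 20 random bytes, and a host with a non-default port is hashed as `[host]:port`, the same string that would otherwise appear in clear. Because the salt is fresh for each entry, two entries for the same host never look alike, which is consistent with seeing "differing hostnames" in the file. The key material and hostnames below are constructed placeholders.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# OpenSSH hashed known_hosts host field (HashKnownHosts yes):
#   |1|<base64 salt>|<base64 HMAC-SHA1(key=salt, msg=hostname)>
# "1" is the hash-format version; the salt is 20 random bytes.
HASH_MAGIC = "|1|"


def hash_hostname(hostname: str, salt: Optional[bytes] = None) -> str:
    """Produce the hashed host field OpenSSH would write for hostname."""
    if salt is None:
        salt = os.urandom(20)  # fresh salt per entry, so lines never repeat
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return HASH_MAGIC + base64.b64encode(salt).decode() + "|" + base64.b64encode(digest).decode()


def host_matches(host_field: str, hostname: str) -> bool:
    """True if a (hashed or plain) host field refers to hostname.

    This is the check ssh-keygen -F performs: the file alone does not
    reveal the host, but anyone who already knows the name can verify it.
    """
    if not host_field.startswith(HASH_MAGIC):
        return host_field == hostname  # unhashed entry: plain comparison
    parts = host_field.split("|")  # ['', '1', salt_b64, digest_b64]
    if len(parts) != 4:
        return False
    salt = base64.b64decode(parts[2])
    expected = base64.b64decode(parts[3])
    actual = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(actual, expected)


def find_host_keys(known_hosts_text: str, hostname: str) -> list:
    """Return (keytype, key) pairs recorded for hostname."""
    found = []
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        host_field, keytype, key = fields[0], fields[1], fields[2]
        # Unhashed entries may list several names separated by commas;
        # hashed entries always cover exactly one name.
        candidates = [host_field] if host_field.startswith(HASH_MAGIC) else host_field.split(",")
        if any(host_matches(c, hostname) for c in candidates):
            found.append((keytype, key))
    return found


# Constructed sample data (placeholder keys, documentation hostnames).
KEY_A = "AAAAB3NzaC1yc2EAAAADAQABAAAAgQC-constructed-key-A"
KEY_B = "AAAAB3NzaC1yc2EAAAADAQABAAAAgQC-constructed-key-B"
FIXED_SALT = bytes(range(20))  # fixed only so the sample is reproducible


def sample_known_hosts() -> str:
    """A two-entry known_hosts: one hashed line, one old-style plain line."""
    return "\n".join([
        hash_hostname("[example.org]:2222", FIXED_SALT) + " ssh-rsa " + KEY_A,
        "example.net,192.0.2.1 ssh-rsa " + KEY_B,
    ])


if __name__ == "__main__":
    print(sample_known_hosts())
    print(find_host_keys(sample_known_hosts(), "[example.org]:2222"))
```

Running it prints a file where the first host field is opaque, yet `find_host_keys` still recovers the key once the caller supplies the name; that is exactly the property Raz points at, a list that can be verified against but not enumerated.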
