Re: [LUG] ssh editing knownhosts

 

On Tue, 10 Aug 2010, Simon Waters wrote:

tom wrote:
It was a guess as to which entry to remove as the host info was encrypted too! Is there a manager for this somewhere - or would that defeat the point?

ssh-keygen will do what you want.

Although I tend to use "vim" and the line number from ssh, but that is probably bad practice (since it relies on my remembering what changes when).

That's what I do when a site has changed - although I tend to simply delete the known_hosts file from time to time...

Since this is cryptographic key material it ought to be properly managed -- which probably means well thought out wrappers around ssh-keygen. I don't see many around, so far too many of us are winging it. If you are "winging it" with other people's servers, then as long as you stop and check fingerprints when a server is rebuilt it isn't a big issue.

Then again SSH encryption is probably not the weak spot on most Linux boxes' security.

I discovered a client's server with a hacked version of sshd installed recently... Still no idea how they got in or got root privs. to make the changes. Very frustrating.

Gordon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq
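
The hashed host field tom describes is a salted HMAC-SHA1 of the hostname, so a known hostname can still be matched against it; that is how `ssh-keygen -F host` finds an entry and `ssh-keygen -R host` removes it. The Python below is an added example of that lookup and removal, not part of the original thread; the hostnames, salts and key blobs are constructed sample data, and wildcard patterns and `@` marker lines are not handled.

```python
import base64, hashlib, hmac

def hash_host(host, salt):
    """Hashed host field as written by `ssh-keygen -H`: |1|salt|HMAC-SHA1(salt, host)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def host_matches(field, host):
    """True if a known_hosts host field (hashed or plain) names host exactly."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return host in field.split(",")  # plain fields may list several names; wildcards not handled

def fingerprint(key_b64):
    """SHA256 fingerprint in the form ssh prints, to compare with the server's."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def find_entries(lines, host):
    """Return (line_number, key_type, fingerprint) for each entry matching host."""
    hits = []
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 3 or line.startswith(("#", "@")):
            continue  # skip blanks, comments and @cert-authority/@revoked lines
        if host_matches(parts[0], host):
            hits.append((n, parts[1], fingerprint(parts[2])))
    return hits

def remove_host(lines, host):
    """Return lines with every entry for host dropped; everything else is kept."""
    drop = {n for n, _, _ in find_entries(lines, host)}
    return [l for n, l in enumerate(lines, 1) if n not in drop]

# Constructed sample data: the key blobs are placeholder bytes, not real keys.
KEY_A = base64.b64encode(b"constructed-key-blob-A").decode()
KEY_B = base64.b64encode(b"constructed-key-blob-B").decode()
SAMPLE = [
    hash_host("rebuilt.example.org", bytes(range(20))) + " ssh-ed25519 " + KEY_A,
    hash_host("other.example.org", bytes(range(20, 40))) + " ssh-ed25519 " + KEY_B,
    "plain.example.org,192.0.2.10 ssh-ed25519 " + KEY_B,
]

if __name__ == "__main__":
    for n, ktype, fp in find_entries(SAMPLE, "rebuilt.example.org"):
        print("line %d: %s %s" % (n, ktype, fp))
    print(len(remove_host(SAMPLE, "rebuilt.example.org")), "entries kept")
```

The fingerprint printed for the matching line is the value to compare against the rebuilt server's new key before dropping the old entry.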