Secure Shell
SSH Option files using hashes instead of hostnames? Jun 27 2010 09:08PM
Dan Mahoney, System Admin (danm prime gushi org) (1 replies)
Re: SSH Option files using hashes instead of hostnames? Jun 28 2010 05:02PM
Greg Wooledge (wooledg eeg ccf org) (1 replies)
Re: SSH Option files using hashes instead of hostnames? Jun 29 2010 01:32AM
Dan Mahoney, System Admin (danm prime gushi org) (3 replies)
Re: SSH Option files using hashes instead of hostnames? Jun 29 2010 12:05PM
Greg Wooledge (wooledg eeg ccf org) (1 replies)
Re: SSH Option files using hashes instead of hostnames? Jun 29 2010 06:01PM
Dan Mahoney, System Admin (danm prime gushi org) (1 replies)
Re: SSH Option files using hashes instead of hostnames? Jun 30 2010 07:12PM
Robert Hajime Lanning (robert lanning gmail com)
Re: SSH Option files using hashes instead of hostnames? Jun 29 2010 11:28AM
Alexander Klimov (alserkli inbox ru)
Re: SSH Option files using hashes instead of hostnames? Jun 29 2010 08:01AM
Robert Hajime Lanning (robert lanning gmail com)
On Mon, Jun 28, 2010 at 6:32 PM, Dan Mahoney, System Admin
<danm (at) prime.gushi (dot) org> wrote:
> Now, assume I have that file hashed, but sitting in my ~/.ssh/config file, I
> have:
>
> # Server in guam is on overloaded DSL link
> Host slowpoke
> HostName slowpoke.secure.server.ad.company.com
> ConnectTimeout 600
> User admin
>
> Well, there you go.  Have fun. Even without the username, assume I have to
> have other options in there like for port-forwards, or the like.
>
> Now, keeping information in known_hosts is automatic and mostly mandatory,
> and config files like this are optional.  I recognize that.
>
> But compare this with
>
> HostnameHash |1|JYh/HiqdBkaEKeg0KrS9cHncJRI=|Qc2hMsrOMpReJLyOxwmps3nnb0k=
> ConnectTimeout 600
> User admin

The problem here is that we are not comparing fields.
This field (Hostname) is read to replace the alias (Host). Hashing
loses data. You don't get the original data back.

So, in the config file you can implement hashing for the "Host" field,
but you cannot implement hashing for the "Hostname" field. Since the
"Host" field is just a lookup field, the command line argument can be
hashed and compared with the "Host" fields in the config file.

The only way to go forward is to encrypt either the field or the
complete file. Then you have to enter a passphrase every time you run
"ssh" to decrypt the config file. This is in addition to entering a
passphrase for your private key.

--
And, did Galoka think the Ulus were too ugly to save?
-Centauri
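
Added example, not part of the original message and not OpenSSH code: a Python sketch of the distinction drawn above, where a lookup-only field such as Host is stored hashed and matched against the command-line argument, while HostName has to stay readable because it is the value actually used to connect. It assumes the hashed known_hosts layout (`|1|salt|HMAC-SHA1`) for the hypothetical hashed Host entry; the function names, the fixed salt and the sample block are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"  # prefix of hashed known_hosts entries


def hash_host(name, salt=None):
    """Return '|1|<b64 salt>|<b64 HMAC-SHA1(key=salt, msg=name)>'."""
    salt = os.urandom(20) if salt is None else salt
    digest = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "{}{}|{}".format(HASH_MAGIC,
                            base64.b64encode(salt).decode(),
                            base64.b64encode(digest).decode())


def matches(hashed, candidate):
    """True if candidate hashes to the stored value under the stored salt."""
    if not hashed.startswith(HASH_MAGIC):
        return False
    try:
        salt_b64, digest_b64 = hashed[len(HASH_MAGIC):].split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        stored = base64.b64decode(digest_b64, validate=True)
    except ValueError:  # wrong field count or invalid base64
        return False
    computed = hmac.new(salt, candidate.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(stored, computed)


def lookup(blocks, argument):
    """Return the options of the first block whose hashed Host matches."""
    for hashed_host, options in blocks:
        if matches(hashed_host, argument):
            return options
    return None


# Constructed sample: the alias is hashed, the options remain clear text,
# because HostName must be recoverable and a hash cannot be reversed.
SAMPLE_SALT = bytes(range(20))
SAMPLE_BLOCKS = [
    (hash_host("slowpoke", SAMPLE_SALT),
     {"HostName": "slowpoke.secure.server.ad.company.com",
      "ConnectTimeout": "600", "User": "admin"}),
]

if __name__ == "__main__":
    print(lookup(SAMPLE_BLOCKS, "slowpoke"))  # found via the hashed alias
    print(lookup(SAMPLE_BLOCKS, "fastpoke"))  # no block matches
```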
