On Fri, May 16, 2025 at 06:32:16PM +0000, fxkl4...@protonmail.com wrote: > On Fri, 16 May 2025, to...@tuxteam.de wrote:
[...]
> > There is an (sshd, I think) option to change that.
>
> i see
>
> Alternately, hostnames may be stored in a hashed form which hides host names
> and addresses should the file's contents be disclosed. Hashed hostnames
> start with a ‘|’ character. Only one hashed hostname may appear on a single
> line and none of the above negation or wildcard operators may be applied.
>
> i don't see how to change it
Ah, no,, sorry. I lied to you, it's in the ssh_config (/etc/ssh/ssh_config).
Here's the extract from man ssh_config:
HashKnownHosts
Indicates that ssh(1) should hash host names and ad‐
dresses when they are added to ~/.ssh/known_hosts.
These hashed names may be used normally by ssh(1) and
sshd(8), but they do not visually reveal identifying
information if the file's contents are disclosed.
The default is no. Note that existing names and ad‐
dresses in known hosts files will not be converted
automatically, but may be manually hashed using
ssh-keygen(1). Use of this option may break facili‐
ties such as tab-completion that rely on being able
to read unhashed host names from ~/.ssh/known_hosts.
...and the default in Debian is:
tomas@caliban:~$ grep -i hash /etc/ssh/ssh_config
HashKnownHosts yes
...so there you are :)
Cheers
--
t
signature.asc
Description: PGP signature
