On Fri, 16 May 2025, to...@tuxteam.de wrote:
> On Fri, May 16, 2025 at 06:32:16PM +0000, fxkl4...@protonmail.com wrote:
>> On Fri, 16 May 2025, to...@tuxteam.de wrote:
>
> [...]
>
>>> There is an (sshd, I think) option to change that.
>>
>> i see
>>
>> Alternately, hostnames may be stored in a hashed form which hides host names
>> and addresses should the file's contents be disclosed. Hashed hostnames
>> start with a ‘|’ character. Only one hashed hostname may appear on a single
>> line and none of the above negation or wildcard operators may be applied.
>>
>> i don't see how to change it
>
> Ah, no, sorry. I lied to you, it's in the ssh_config (/etc/ssh/ssh_config).
> Here's the extract from man ssh_config:
>
>     HashKnownHosts
>         Indicates that ssh(1) should hash host names and
>         addresses when they are added to ~/.ssh/known_hosts.
>         These hashed names may be used normally by ssh(1) and
>         sshd(8), but they do not visually reveal identifying
>         information if the file's contents are disclosed.
>         The default is no. Note that existing names and
>         addresses in known hosts files will not be converted
>         automatically, but may be manually hashed using
>         ssh-keygen(1). Use of this option may break
>         facilities such as tab-completion that rely on being able
>         to read unhashed host names from ~/.ssh/known_hosts.
>
> ...and the default in Debian is:
>
>     tomas@caliban:~$ grep -i hash /etc/ssh/ssh_config
>         HashKnownHosts yes
>
> ...so there you are :)

thanks
i understand the no host hash in an industrial setting but in a home network it seems unnecessary