[Bug 2560] sshd: Description of hashed known_hosts file does not make sense and format is outdated

bugzilla-daemon at bugzilla.mindrot.org
Fri Apr 8 14:31:53 AEST 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2560

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
(In reply to Jakub Jelen from comment #0)
> Manual page for sshd states:
> 
>     Alternately, hostnames may be stored in a hashed form which hides
>     host names and addresses should the file's contents be disclosed.
> 
> The ending part "should the file's contents be disclosed" does not
> fit into the sentence and I am not sure what is meant by that.
> 
> It has been there for a long time, since
> e1776155d19db4f3ab2ff42323d6499f0712cfa4

It's saying that if someone gets a hold ("be disclosed") of your
known_hosts file then the host name/address will still have some
privacy. AFAIK it's grammatical, but I'm open to a better wording.


> Also the format, described as:
> 
>     Each line in these files contains the following fields: markers
>     (optional), hostnames, bits, exponent, modulus, comment.
> 
> is outdated (describes RSA1 keys). In current situation the part
> "bits, exponent, modulus" is substituted by "keytype, base64-encoded
> key" as described for example in authorized_keys section.

How about:

-hostnames, bits, exponent, modulus, comment.
+hostnames, key type, key content (base-64 encoded), comment.
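Review bot: in the + line, the field names "key type, key content (base-64 encoded)" differ from the "keytype, base64-encoded key" wording the report cites from the authorized_keys section. Using the same terms in both sections would keep the manual page consistent and make it obvious that the two files share the same key encoding.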

We're taking the habit of referring to SSH protocol 2 features only in
anticipation of a future removal of SSH 1 code in a few years.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
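
An added example (not part of the bug report and not OpenSSH's own code) of the protocol 2 line format discussed above: it splits a known_hosts line into marker, hostnames, key type, key and comment, and checks a candidate name against a hashed hostnames field. The |1|salt|HMAC-SHA1 layout is the one ssh-keygen -H writes; the key blob, salt, host names and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac

MARKERS = {"@cert-authority", "@revoked"}  # optional leading marker field

def hash_host(hostname, salt):
    """Build a hashed hostnames field: |1|base64(salt)|base64(HMAC-SHA1)."""
    mac = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def parse_line(line):
    """Split one line into marker, hostnames, key type, key, comment."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None  # blank line or comment line
    marker = None
    parts = line.split(None, 1)
    if parts[0] in MARKERS:
        marker = parts[0]
        line = parts[1] if len(parts) > 1 else ""
    fields = line.split(None, 3)
    if len(fields) < 3:
        raise ValueError("expected hostnames, key type and key")
    base64.b64decode(fields[2], validate=True)  # raises if not base64
    return {"marker": marker, "hostnames": fields[0], "keytype": fields[1],
            "key": fields[2], "comment": fields[3] if len(fields) > 3 else ""}

def host_matches(hostnames, candidate):
    """True if candidate is named by a hostnames field (hashed or plain)."""
    if hostnames.startswith("|1|"):
        _, _, salt_b64, mac_b64 = hostnames.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, candidate.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    # Simplification: exact match only, no wildcard or negation patterns.
    return candidate in hostnames.split(",")

# Constructed sample data: placeholder key blob and fixed salt, not real keys.
SAMPLE_KEY = base64.b64encode(b"constructed key blob").decode()
SAMPLE_HASHED = "%s ssh-ed25519 %s constructed comment" % (
    hash_host("host.example", b"\x01" * 20), SAMPLE_KEY)
SAMPLE_PLAIN = "@cert-authority a.example,192.0.2.7 ssh-rsa %s" % SAMPLE_KEY

if __name__ == "__main__":
    entry = parse_line(SAMPLE_HASHED)
    print(entry["hostnames"], host_matches(entry["hostnames"], "host.example"))
```

The hashed line never contains the host name in clear text, yet a name that is already known can still be checked against it, which is how the client uses such entries.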

