a story of compromise and an idea
djm at mindrot.org
Sat Feb 21 18:23:50 EST 2004
On Fri, 20 Feb 2004, John Meacham wrote:
> I was thinking that it would be a useful option to store a hash of the
> host/ip in known_hosts rather than the host/ip in plaintext so that
> there is not an immediate list of candidate machines to crack once an
> account is compromised. in the case of possible key-compromise, anything
> that slows down the attack long enough for you to hear about it and
> re-key is a good thing. Plus, as a privacy thing, one might not want a
> list of the machines they connect to so obviously logged.
I don't think that this would by you much - if an attacker has root on a
machine, they can trawl lastlog, shell history files, netstat and ps to
find this information pretty quickly.
I'd instead recommend that you encourage the use of the "ssh-add -c"
option for users. If they aren't running the agent on the compromised
machine itself, then they should notice unauthorised use of the agent and
out-of-hours key theft would be impossible.
More information about the openssh-unix-dev