a story of compromise and an idea

Damien Miller djm at mindrot.org
Sat Feb 21 18:23:50 EST 2004

On Fri, 20 Feb 2004, John Meacham wrote:

> I was thinking that it would be a useful option to store a hash of the
> host/ip in known_hosts rather than the host/ip in plaintext so that
> there is not an immediate list of candidate machines to crack once an
> account is compromised. in the case of possible key-compromise, anything
> that slows down the attack long enough for you to hear about it and
> re-key is a good thing.  Plus, as a privacy thing, one might not want a
> list of the machines they connect to so obviously logged.

I don't think that this would by you much - if an attacker has root on a 
machine, they can trawl lastlog, shell history files, netstat and ps to 
find this information pretty quickly. 

I'd instead recommend that you encourage the use of the "ssh-add -c" 
option for users. If they aren't running the agent on the compromised 
machine itself, then they should notice unauthorised use of the agent and 
out-of-hours key theft would be impossible.


More information about the openssh-unix-dev mailing list