default /etc/ssh/ssh_config should include option HashKnownHosts for known_hosts
Many recent press reports have commented on the MIT study that analyzed the
vulnerability of networks to worms using ssh to navigate across a network.
The MIT paper is here:
And Bruce Schneier's commentary on the paper is here:
The solution to this vulnerability exists in the current version of OpenSSH, and
is controlled by the HashKnownHosts config option. The man page for ssh_config
has this to say:
Indicates that ssh should hash host names and addresses when they
are added to $HOME/.ssh/known_hosts. These hashed names may be
used normally by ssh and sshd, but they do not reveal identifying
information should the file's contents be disclosed. The default
is ``no''. Note that hashing of names and addresses will not be
retrospectively applied to existing known hosts files, but these
may be manually hashed using ssh-keygen(1).
This option should be set to 'yes' in the default Gentoo configuration for
Steps to Reproduce:
1. look at your known_hosts file
2. write worm to scan plain-text known_hosts files on a compromised machine
3. run rampant across a network
not a 'real' security issue
our default ssh_config doesnt turn on any options ... but we could easily change
any other settings to suggest defaults for ?
The defaults are fine for me except for this hash setting.
As the MIT paper and Bruce Schneier's article point out, using a Hash is a
simple effective security measure that should probably be on by default.
Hopefully someone with commit access can make and test this one-line change to
the /etc/ssh/ssh_config file.
This breaks bash-completion among other things that depend on the
existing behavior. Turn on hashing and in due time the worms out there
will adapt including a their own hashing algorithms, looking at open
sockets, .history files and many other tricks to obtain peers.
Turning the option on doesn't make you less vulnerable, it just make it a
/little/ more difficult for the worm to compute targets. So what ? They will
rely on dumber (brutescans) or smarter (bash_history, traffic analysis, delayed
propagation) methods to find the next target. On the other hand, it breaks
existing functionality (bash completion), and make us derive from upstream
default configuration (which is what people expect to find). I don't think it's
If it goes on by default in OpenSSH, then we'll keep it. Or if our OpenSSH
maintainers want it... but the security team won't pressure them to.
good thoughts, thanks