[nycbug-talk] Analyzing malicious SSH login attempts
George Georgalis
george at galis.org
Thu Sep 14 07:48:41 EDT 2006
On Wed, Sep 13, 2006 at 10:37:17AM -0400, Okan Demirmen wrote:
>On Tue 2006.09.12 at 13:24 -0400, George Georgalis wrote:
>> There was some resolution (at openbsd I think) to encrypt
>> the known_hosts entries with the remote host public key;
>> so if your authentication was compromised, at least there
>> wouldn't be a list a hosts for the attacker to look up.
>> But I've not seen it in my OS yet.
>
>man ssh_config - see HashKnownHosts
nice, looks like it is in my upgrade path.
has there been any discussion of hashing .ssh/config?
maybe requiring a private key and passphrase/agent?
// George
--
George Georgalis, systems architect, administrator <IXOYE><
More information about the talk
mailing list