https://bugzilla.novell.com/show_bug.cgi?id=632713 https://bugzilla.novell.com/show_bug.cgi?id=632713#c0 Summary: SSH default now obfuscate (crypt) hostname is .ssh/know_hosts missing tools Classification: openSUSE Product: openSUSE 11.3 Version: Final Platform: All OS/Version: openSUSE 11.3 Status: NEW Severity: Major Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: bruno@ioda-net.ch QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.8) Gecko/20100723 SUSE/3.6.8-1.3 Firefox/3.6.8 In default install know_hosts are now obfuscate & encrypted. Good things for security. but we miss to give user the ability to erase a key for an existent host which we are sure we change it's key ( thing about vm etc .. ) Before the user can just edit it's file and remove the line. Now he can't find this by human way. So we must have those type of utilities as described here http://nms.lcs.mit.edu/projects/ssh/README.hashed-hosts If we don't deliver them, every user will finish by removing the security in /etc/ssh/ssh_config. Reproducible: Always Steps to Reproduce: 1. open a ssh session on a host you trust 2. accept it's public key 3. reinstall this host with a new key 4. try to open a ssh session, public keys have change, you know and accept that 5. try to retreive the older key to remove it 6. There's no way to edit or find it Actual Results: You have to remove all keys, leading to a loose in security. Expected Results: Have scripts to be able as user to manage the content of .ssh/known_hosts Have this scripts installed by default if openssh rpm is installed. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.