the SSH worm thing

Jesse Keating jkeating at
Wed May 11 18:56:28 UTC 2005

On Wed, 2005-05-11 at 11:45 -0700, Florin Andrei wrote:
> Correct, but the hash-armoured known_hosts file has the purpose to stop
> a potential SSH worm from spreading like wildfire: infect a machine,
> then in a few seconds infect a dozen more, repeat. It's the same
> exponential growth mechanism that made so dangerous some Outlook malware
> that were able to read the address book.
> The mechanism you describe is entirely different, it's an altogether
> different attack.

How would this hash interact with the need to modify known_hosts when
systems change and IPs have conflicting MAC addresses and such? This is
about 5 times a week for me here at work in our lab...

Jesse Keating RHCE
Fedora Legacy Team
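
Added example, not part of the original message: a sketch of how a stale entry can still be found and dropped from a hashed known_hosts file when the hostname is already known, which is the lookup `ssh-keygen -R host` relies on. It assumes OpenSSH's `|1|salt|hash` entry format (HMAC-SHA1 keyed with the salt); the host names, key blobs and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os


def hash_host(host, salt=None):
    """Build a hashed host token: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    salt = salt or os.urandom(20)
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())


def entry_matches(line, host):
    """True if a known_hosts line (hashed or plain) names `host`."""
    fields = line.split()
    if not fields or fields[0].startswith("#"):
        return False
    for name in fields[0].split(","):
        if name.startswith("|1|"):
            parts = name.split("|")          # ['', '1', salt, mac]
            if len(parts) != 4:
                continue                     # malformed token, skip it
            salt = base64.b64decode(parts[2])
            want = base64.b64decode(parts[3])
            got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
            if hmac.compare_digest(got, want):
                return True
        elif name == host:
            return True
    return False


def remove_host(lines, host):
    """Drop every entry for `host`, e.g. after a lab machine is re-imaged."""
    return [line for line in lines if not entry_matches(line, host)]


# Constructed sample file: three lab hosts, names hashed, key blobs are placeholders.
HOSTS = ["192.0.2.10", "192.0.2.11", "lab-a.example.test"]
SAMPLE = ["%s ssh-rsa AAAAB3Nza-constructed-%d" % (hash_host(h), i)
          for i, h in enumerate(HOSTS)]

if __name__ == "__main__":
    # The file itself lists no readable host names...
    print("\n".join(SAMPLE))
    # ...but an admin who knows which host changed can still remove its entry.
    print(len(remove_host(SAMPLE, "192.0.2.10")), "entries left")
```

The file gives nothing to enumerate, yet any name the administrator already knows can be tested against each salt, so routine cleanup after a host change still works.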
