Fedora's ssh known hosts file
Till Maas
opensource at till.name
Fri Aug 13 19:53:14 UTC 2010
On Tue, Aug 10, 2010 at 09:07:21AM -0600, Stephen John Smoogen wrote:
> On Sun, Aug 8, 2010 at 14:04, Matt McCutchen <matt at mattmccutchen.net> wrote:
> > On Thu, 2010-08-05 at 22:23 +0200, Till Maas wrote:
> >> Yes ssh is secure if used properly. To get the proper known_hosts entry,
> >> one has to download https://admin.fedoraproject.org/ssh_known_hosts btw.
> >
> > I'm very glad to see that Fedora provides such a list. I just installed
> > it on my computer (after filtering out hostnames not ending with
> > fedoraproject.org, for obvious reasons).
> >
> > Is it documented anywhere? For full security, every packager should
> > install it rather than allowing ssh to add host keys on first use.
>
> Well I am not sure that file would be all that useful as it contains
> lots of hosts a packager would not get to AND could conflict with
> other networks as it contains a lot of 10.X.X. and 192.X.X. ips. It
> also gets updated from time to time as we rebuild hosts.
I cleaned up my tools to manage the fedora ssh known hosts file and
copied it to fedorapeople.org:
http://till.fedorapeople.org/files/fedora-ssh-known-hosts/
It allows to easily update the file and to filter out unwanted entries.
Regards
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20100813/05e228ac/attachment-0001.bin
More information about the devel
mailing list