by tptacek 2817 days ago
This is fun, but if you cat out your ~/.ssh/known_hosts file, you'll probably find that it's not hashed, and is just coughing up a map of your SSH relationships to anyone who can read it.

It's true though, known_hosts for pivoting is a basic network pentest trick.


It's been turned on by default on every Ubuntu machine I've used/installed in the last few years. I believe that comes from Debian [1].

So I don't think it's that unlikely that any given reader of this has it enabled, tbh.

[1] search for HashKnownHosts here: https://manpages.debian.org/jessie/openssh-client/ssh_config...

It's the default in the OpenBSD OpenSSH upstream, has been for years and years.
Is it? https://man.openbsd.org/ssh_config#HashKnownHosts says "The default is no".
Maybe stashing a honeypot address in the known_hosts is a good idea?
It is, and what you're looking for is:

https://canarytokens.org/

I don't see ssh as an option there?
You'd use a DNS canary.
Got it. Thanks.
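
An added example, not part of the thread: a small audit that reports which lines of a known_hosts file are still plaintext, and shows the hashed host field format (`|1|salt|HMAC-SHA1`) that HashKnownHosts produces. The sample file content, host names, key strings and fixed salt are constructed for illustration.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def matches(hashed_field, host):
    """True if a hashed host field was derived from `host`."""
    parts = hashed_field.split("|")
    if len(parts) != 4 or parts[1] != "1":
        return False
    salt = base64.b64decode(parts[2])
    expected = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(expected, base64.b64decode(parts[3]))

def audit(text):
    """Return (hashed_count, line numbers whose host field is plaintext)."""
    hashed, plaintext = 0, []
    for number, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        if fields[0].startswith("@"):
            fields = fields[1:]  # skip @cert-authority / @revoked marker
        if not fields:
            continue
        if fields[0].startswith("|1|"):
            hashed += 1
        else:
            plaintext.append(number)
    return hashed, plaintext

# Constructed sample: one plaintext entry, one hashed entry, one CA pattern.
FIXED_SALT = b"\x00" * 20  # constructed; real salts are random per entry
SAMPLE = "\n".join([
    "# constructed sample known_hosts",
    "git.example.org,192.0.2.10 ssh-ed25519 AAAAC3constructedkey",
    hash_host("db.example.org", FIXED_SALT) + " ssh-ed25519 AAAAC3constructedkey",
    "@cert-authority *.example.org ssh-ed25519 AAAAC3constructedkey",
])

if __name__ == "__main__":
    count, exposed = audit(SAMPLE)
    print("hashed entries:", count, "plaintext lines:", exposed)
```

Setting `HashKnownHosts yes` in ssh_config hashes new entries as they are added, and `ssh-keygen -H` converts the existing entries in a known_hosts file.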