Not sure we are trying to protect from collisions and not from host
name's disclosure.
Of course, I shouldn't have to turn it off, because the default is
'no', I guess many distros set 'HashKnownHosts yes' in
/etc/ssh/ssh_config because they want to be seen to choose the "secure"
option by default. However the threat model seems pretty pointless to
me. If an attacker has access to my account to the level that they can
read my known_hosts file, then I have far worse problems than them
seeing a list of hostnames, which they can obtain in many other ways.
Should I care about other system users reading this info, there's always
chmod 700 (on the .ssh directory, or my whole home directory). If
known_hosts itself were created mode 600 by default, I wouldn't object.
besides from accessing "same" ips in a vlan env i see two more possibilities that might be in widespread use:
- vlan env
- administering home office (or friends') pcs
- customers accessed via (multiple) vpn
most of these will have different gateway ips. (or just different interfaces?)
so, for these users, finding the gw (eg via "ip route get <target>" as shell cmd) and combining this with the hostname/ip for the known_hosts lookup might be helpful.
with an option like
KnownHostsUseGw <host_list>
the known_host_entry might then be extended like
<known_host_entry> ":via_" <gw>
or
<known_host_entry> ":via_" <device>
[this may lead to problems with older implementations by ":<port>" confusion,
to be considered before implementation.]
accepting already existing matching entries and/or "unique" hosts:
additionally to searching "...:via_<gw>", if not found, check "<host_without_gw>"
or add option KnownHostsUseGwFallback (bool / pattern / behaviour_algo / external_cmd)?
feasible, justified, any opinions?
[side note: in combination with ansible (or other mgmt software) the installation process should be changed to record the correct (new, replaced) host keys, those then retrieved and verification NOT be turned off. might involve using ssh-keygen; complex setups should have the appropriate "gw" information.]
thank you,
mdbuerkle
--
Diese Nachricht wurde von meinem Android-Gerät mit K-9 Mail gesendet.
You haven't explicitly said what problem you're trying to solve. Is it
that two different networks you use both have a host 192.168.1.123, and
these are colliding in known_hosts? I don't really see how the gateway
comes into this; you could have two different 192.168.1.0/24 networks
both with gateway 192.168.1.1, and you may be connected directly to the LAN.
There are several solutions to this, but in any case you should be
accessing each target with a distinct name (because "ssh 192.168.1.123"
can't tell the difference between the two 192.168.1.123 hosts).
If you have names that resolve in /etc/hosts or DNS under a shared
domain, you could do this in ~/.ssh/config:
Host *.myfriend.local
UserKnownHostsFile ~/.ssh/known_hosts_myfriend ~/.ssh/known_hosts
Or you can make explicit entries for individual hosts (which is useful
to give them shortcut names anyway):
# My friend's machines
Host foo
Hostname 192.168.1.123
UserKnownHostsFile ~/.ssh/known_hosts_myfriend
Host bar
Hostname 192.168.1.124
UserKnownHostsFile ~/.ssh/known_hosts_myfriend
# Work machines
Host qux
Hostname 192.168.1.123
UserKnownHostsFile ~/.ssh/known_hosts_work
Recent versions of ssh also support "KnownHostsCommand" which can
implement more sophisticated logic of your choosing, for retrieving the
expected host keys for a given host.
HTH,
Brian.