Return to the archive index
From: kayodeok <news4kayode@btopenworld.com> Date: Sat, 21 May 2005 19:52:28 +0100 Newsgroups: grc.linkfarm,grc.security,grc.techtalk.cryptography Protecting SSH from known_hosts Address Harvesting http://nms.csail.mit.edu/projects/ssh/ If you use SSH, your ssh client stores within your home directory a list that maps the host names and IP addresses of every remote host you have connected to with each host's public key. This database, known as known_hosts file, has been used by attackers who compromise user accounts, steal passwords and identity keys, and then use the list of hosts to identify targets on which the same password or key can be used to compromise additional accounts. It is also possible that worms could use known_hosts data to identify new targets.
From Usenet Articles Archive (UAA)
Maintained by gwl
gwl At Home