#1203 Hash the hostname/port information in the known_hosts file.
Closed: Fixed None Opened 7 years ago by asn.

Last week I discussed the SSH known_hosts work with Honza. I thought about the stuff on the weekend. The plan is to have a global known_hosts file which gets written by sssd. This means that all users on this system have access to it, which reveals information to a lot of people who might not otherwise have this detailed information. So the hostnames should be stored hashed in the known_hosts file.

This way they do not reveal identifying information should the file's contents be disclosed. OpenSSH has supported hashing for quite some time now.

Normally it looks like this:

|1|dTVaYG/giqH3nvoLfGECyOsiMDs=|RzAc9qu1lG+3ZtajFbaVuL02SZA= ssh-rsa ...
|1|base64(salt)|base64(hash)|

Here is some pseudo code for comparing it:

match_hashed_host(hostname, sourcehash) {
    /* sourcehash is the first field of the line: "|1|base64(salt)|base64(hash)" */
    salt_b64 = sourcehash + 3                    /* skip the "|1|" marker */
    hash_b64 = strchr(salt_b64, '|') + 1         /* the field after the next '|' */

    salt = base64_decode(salt_b64, hash_b64 - salt_b64 - 1)
    hash = base64_decode(hash_b64)

    mac = hmac_sha1(key = salt, data = hostname) /* the salt is the HMAC key */

    if (constant_time_equal(mac, hash))
        woohoo
    else
        cry
}
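The format and comparison described in the ticket, as an added Python example (not sssd's or OpenSSH's code): it builds a hashed host field the way OpenSSH does (HMAC-SHA1 keyed with a 20-byte random salt over the host string as it would appear unhashed, e.g. `example.com` or `[example.com]:2222`), matches a hostname against such a field with a constant-time compare, and looks a host up in a constructed sample known_hosts; the sample keys are placeholders.

```python
import base64
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

HASH_MAGIC = "|1|"                     # OpenSSH marker for an HMAC-SHA1 hashed host field
SALT_LEN = hashlib.sha1().digest_size  # OpenSSH uses a 20-byte random salt


def hash_hostname(hostname: str, salt: Optional[bytes] = None) -> str:
    """Return the "|1|base64(salt)|base64(hash)" field for hostname.

    hostname is the exact string a plain entry would carry, so a
    non-default port is hashed as "[host]:port". The salt is the HMAC key.
    """
    if salt is None:
        salt = os.urandom(SALT_LEN)
    mac = hmac.new(salt, hostname.encode("utf-8"), hashlib.sha1).digest()
    return "{}{}|{}".format(HASH_MAGIC,
                            base64.b64encode(salt).decode("ascii"),
                            base64.b64encode(mac).decode("ascii"))


def match_hashed_host(hostname: str, hostfield: str) -> bool:
    """True if the hashed host field was produced for hostname."""
    if not hostfield.startswith(HASH_MAGIC):
        return False
    try:
        salt_b64, hash_b64 = hostfield[len(HASH_MAGIC):].split("|", 1)
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(hash_b64, validate=True)
    except ValueError:  # malformed field, wrong number of '|' or bad base64
        return False
    if len(salt) != SALT_LEN:
        return False
    mac = hmac.new(salt, hostname.encode("utf-8"), hashlib.sha1).digest()
    # Constant-time compare: do not leak how much of the MAC matched.
    return hmac.compare_digest(mac, expected)


def find_host_keys(hostname: str, known_hosts: str) -> List[Tuple[str, str]]:
    """Return (keytype, key) pairs of every line whose host field matches."""
    hits = []
    for line in known_hosts.splitlines():
        fields = line.strip().split(None, 2)
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        if match_hashed_host(hostname, fields[0]):
            hits.append((fields[1], fields[2]))
    return hits


# Constructed sample of a global known_hosts as sssd would write it (placeholder keys).
SAMPLE_KNOWN_HOSTS = "\n".join([
    hash_hostname("example.com") + " ssh-rsa AAAAB3NzaC1yc2EAAAADAQABPLACEHOLDER",
    hash_hostname("[example.com]:2222") + " ssh-ed25519 AAAAC3NzaC1lZDI1NTE5PLACEHOLDER",
])
```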


Fields changed

milestone: SSSD SSH Cleanup => SSSD 1.9 beta

Fields changed

owner: somebody => jcholast
status: new => assigned

Fields changed

patch: 0 => 1

Fixed by:
- b35f20c
- 4fa3ef8

resolution: => fixed
status: assigned => closed

Metadata Update from @asn:
- Issue assigned to jcholast
- Issue set to the milestone: SSSD 1.9.0 beta 1

2 years ago
