ssh known_hosts question
I have a large setup that has 4 accounts that are part of a family but each have a different function. To make matters more complicated, we have a LARGE number of systems that have these 4 accounts. To help manage our ssh world I have created a master known_hosts file that lives in a common location, with ownership of account #1.
I have linked /standard/location/known_hosts /home/user[1-4]/.ssh/known_hosts
I was questioned by a co-worker that this may be less than secure. I'm a bit green on my ssh skills, but I do understand that you can use ssh-keyscan to get all the same information. Instead of 4 users' known_hosts * 150+ hosts, I can have one master and 4 links on each system.
The known_hosts file is not that large, but I figure saving space and keeping everything synced up is a good thing.
That is where the public keys of the servers you connect to are stored, and when they mysteriously change you get a warning.
As you have to give write permissions to at least the group, everyone in that group can put in a bad foreign server key so that he can perform a man-in-the-middle attack without ssh being able to detect it.
But if it is only family it isn't that much of a risk.
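The write-permission concern raised in the reply can be checked directly. The following is an added example, not part of the thread: a hypothetical `audit_known_hosts` function that follows a known_hosts symlink to the real file and reports whether that file or its directory is writable by group or others. It assumes GNU coreutils (`stat -c`, `readlink -f`); the paths in the demo are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU coreutils: stat -c, readlink -f.

# audit_known_hosts PATH
# Resolves PATH through any symlinks, then checks the real file and the
# directory holding it for group/other write permission. A writable directory
# counts because it lets the file be replaced. Sticky directories are flagged
# too (conservative). Returns 0 if clean, 1 on a finding, 2 if PATH is unusable.
audit_known_hosts() {
    akh_target=$(readlink -f -- "$1") || { echo "cannot resolve $1"; return 2; }
    [ -f "$akh_target" ] || { echo "$akh_target: not a regular file"; return 2; }
    akh_rc=0
    for akh_p in "$akh_target" "$(dirname -- "$akh_target")"; do
        akh_mode=$(stat -c '%a' -- "$akh_p")
        akh_owner=$(stat -c '%U' -- "$akh_p")
        # Octal permission bits: 020 = group write, 002 = other write.
        if [ $(( 0$akh_mode & 022 )) -ne 0 ]; then
            echo "WRITABLE by group/other: $akh_p (mode $akh_mode, owner $akh_owner)"
            akh_rc=1
        fi
    done
    return $akh_rc
}

# Constructed demo layout mirroring the thread: one master file, one symlink.
demo_dir=$(mktemp -d)
touch "$demo_dir/known_hosts"
chmod 664 "$demo_dir/known_hosts"      # group-writable master, as in the reply
ln -s "$demo_dir/known_hosts" "$demo_dir/user1_known_hosts"
audit_known_hosts "$demo_dir/user1_known_hosts" || echo "audit result: $?"

chmod 644 "$demo_dir/known_hosts"      # only the owning account can write
audit_known_hosts "$demo_dir/user1_known_hosts" && echo "audit result: clean"
rm -rf "$demo_dir"
```

Run against each `/home/user[1-4]/.ssh/known_hosts` link, a non-zero return means accounts other than the owner can change which host keys ssh trusts.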