ssh known_hosts question
Howdy all!
I have a large setup that has 4 accounts that are part of a family, but each has a different function. To make matters more complicated, we have a LARGE number of systems that have these 4 accounts. To help manage our ssh world I have created a master known_hosts file that lives in a common location, with ownership of account #1. I have linked /standard/location/known_hosts to /home/user[1-4]/.ssh/known_hosts.

I was questioned by a co-worker that this may be less than secure. I'm a bit green on my ssh skills, but I do understand that you can use ssh-keyscan to get all the same information. Instead of 4 users' known_hosts * 150+ hosts, I can have one master and 4 links on each system. The known_hosts file is not that large, but I figure saving space and keeping everything synced up is a good thing.

Pros?? Cons???

Thanks!
V.
That is where the public keys of the servers you connect to are stored, and when they mysteriously change you get a warning.
As you have to give write permissions to at least the group, everyone in that group can put in a bad foreign server key so that he can perform a man in the middle attack without ssh being able to detect it. But if it is only family it isn't that much of a risk.
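The write-permission risk raised in the reply can be checked mechanically. The following is an added example, not code from either poster: it resolves a per-user known_hosts symlink to the shared file and reports who besides the trusted owners could change it. The names `audit_known_hosts`, `demo` and `trusted_uids` are hypothetical, and the directory layout and key line are constructed.

```python
import os
import stat
import tempfile

def audit_known_hosts(path, trusted_uids):
    """Return (path, issue) findings for a known_hosts file, following symlinks.

    trusted_uids: uids allowed to own the file and its directory, for example
    root plus the account that reads it (an assumption of this example).
    """
    target = os.path.realpath(path)  # resolve the per-user symlink
    findings = []
    # Whoever can write the directory can replace the file, so check both.
    for p in (target, os.path.dirname(target)):
        st = os.stat(p)
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid not in trusted_uids:
            findings.append((p, "untrusted-owner"))
        if mode & stat.S_IWGRP:
            findings.append((p, "group-writable"))
        if mode & stat.S_IWOTH:
            findings.append((p, "world-writable"))
    return findings

def demo():
    """Build a constructed layout like the one in the question and audit it."""
    root = tempfile.mkdtemp()
    shared_dir = os.path.join(root, "standard")
    home_ssh = os.path.join(root, "home", "user2", ".ssh")
    os.makedirs(shared_dir)
    os.makedirs(home_ssh)
    os.chmod(shared_dir, 0o755)
    master = os.path.join(shared_dir, "known_hosts")
    with open(master, "w") as f:
        f.write("host.example ssh-ed25519 AAAA-constructed-placeholder\n")
    os.chmod(master, 0o664)  # group-writable master, as the reply warns about
    link = os.path.join(home_ssh, "known_hosts")
    os.symlink(master, link)
    me = os.getuid()
    weak = audit_known_hosts(link, {me})
    other_owner = audit_known_hosts(link, {me + 1})  # reader is not the owner
    os.chmod(master, 0o644)  # owner-only write
    fixed = audit_known_hosts(link, {me})
    return {"weak": weak, "other_owner": other_owner, "fixed": fixed}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

OpenSSH also reads a system-wide `/etc/ssh/ssh_known_hosts`, which can be owned by root and read-only for every account, so no group write access is needed.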