LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-08-2004, 01:21 PM   #1
lthaus
LQ Newbie
 
Registered: Nov 2004
Posts: 6

Rep: Reputation: 0
ssh known_hosts question


Howdy all!

I have a large setup that has 4 accounts that are part of a family but each have a different function. To make matters more complicated, we have a LARGE number of systems that
have these 4 accounts. To help manage our ssh world I have created a master
known_hosts file that lives in a common location, with ownership of account #1

I have linked /standard/location/known_hosts /home/user[1-4]/.ssh/known_hosts

I was questioned by a co-worker that this may be less then secure. I'm a bit green on my ssh skills, but I do understand that you can use ssh-keyscan to get all the same information. Instead of 4 users known_hosts * 150+ hosts, I can have one master and 4 links on each system.
The known_hosts file is not that large, but I figure saving space and keeping everything synced up is a good thing.

Pros??

Cons???

Thanks!

V.
 
Old 12-08-2004, 09:07 PM   #2
Krugger
Member
 
Registered: Oct 2004
Posts: 229

Rep: Reputation: 30
That is where the public keys of the servers you connect are stored and when they mysteriously change you get a warning.

As you have to give write permissions to at least the group, everyone in that group can put in a bad foreign server key so that he can perform a man in the middle attack without ssh being able to detect it.

But if it is only family it isn't that much of a risk.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh question zeviddalop Linux - General 5 01-27-2005 02:24 AM
ssh-agent/ssh-add question mega Slackware 2 01-26-2005 03:09 AM
Question on SSH ? brokenflea Slackware 7 10-27-2004 09:25 AM
SSH Question... Flipper Linux - Newbie 4 07-20-2003 03:29 PM
question about ssh erikm103 Linux - General 2 03-11-2003 02:30 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:47 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration