HashKnownHosts set to yes #115

Closed
Kataane opened this issue Feb 23, 2024 · 4 comments
Kataane commented Feb 23, 2024

Thanks for all your hard work.

I would like to clarify that nowhere did I find mention of HashKnownHosts and that it is better to set HashKnownHosts yes in ssh_config.

This is especially important when using public keys instead of password login. For example, if a server is used as a point of entry to another server via ssh.

You can read more about this in:
mozilla OpenSSH server.
mit edu about sshworm
linux-audit
serverfault

Maybe this will be useful to someone.

imthenachoman added a commit that referenced this issue Feb 24, 2024
@imthenachoman (Owner)

Good catch. I'll add. Thanks.

klnstprx commented Mar 5, 2024

Adding this line to /etc/ssh/sshd_config does not work for me:

sudo service sshd restart

Job for ssh.service failed because the control process exited with error code.
See "systemctl status ssh.service" and "journalctl -xeu ssh.service" for details.

systemctl status ssh.service

× ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Tue 2024-03-05 00:05:22 UTC; 11s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 11172 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=255/EXCEPTION)
        CPU: 12ms

Mar 05 00:05:22 servertosh systemd[1]: ssh.service: Scheduled restart job, restart counter is at 5.
Mar 05 00:05:22 servertosh systemd[1]: Stopped OpenBSD Secure Shell server.
Mar 05 00:05:22 servertosh systemd[1]: ssh.service: Start request repeated too quickly.
Mar 05 00:05:22 servertosh systemd[1]: ssh.service: Failed with result 'exit-code'.
Mar 05 00:05:22 servertosh systemd[1]: Failed to start OpenBSD Secure Shell server.

sudo /usr/sbin/sshd -T

/etc/ssh/sshd_config: line 84: Bad configuration option: HashKnownHosts
/etc/ssh/sshd_config: terminating, 1 bad configuration options

Removing it fixes the problem.

I think it is supposed to go into /etc/ssh/ssh_config.

@imthenachoman (Owner)

Maybe only some versions support the config? When I man sshd_config, I do not see HashKnownHosts as an option?

@imthenachoman (Owner)

So this is an SSH client configuration, not an SSH server configuration. It is for /etc/ssh/ssh_config.
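
Added example, not part of this thread or of the project's own code: what the client-side HashKnownHosts option changes in a known_hosts file, and how to audit a file for entries that still store host names in clear. A hashed host field has the form `|1|base64(salt)|base64(HMAC-SHA1(salt, hostname))`; the function names, host names, salt and key blobs below are constructed for illustration.

```python
import base64
import hashlib
import hmac

def hash_host(host, salt):
    """Host field as written with HashKnownHosts yes: |1|b64(salt)|b64(HMAC-SHA1)."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def entry_matches(host_field, host):
    """True if a known_hosts host field (hashed or plaintext) names `host` exactly."""
    if not host_field.startswith("|1|"):
        return host in host_field.split(",")  # plaintext; patterns not expanded here
    try:
        _, _, salt_b64, mac_b64 = host_field.split("|")
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(mac_b64, validate=True)
    except ValueError:  # wrong field count or invalid base64
        return False
    actual = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(actual, expected)

def exposed_entries(known_hosts_text):
    """Return (line_number, host_field) for each entry that stores names in clear."""
    found = []
    for number, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):  # @cert-authority / @revoked marker comes first
            fields = fields[1:]
        if fields and not fields[0].startswith("|1|"):
            found.append((number, fields[0]))
    return found

# Constructed sample: hostnames, salt and key blobs are placeholders, not real data.
SALT = bytes(range(20))
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    hash_host("bastion.example.com", SALT) + " ssh-ed25519 AAAAC3PLACEHOLDER",
    "db1.example.com,192.0.2.10 ssh-ed25519 AAAAC3PLACEHOLDER",
])

if __name__ == "__main__":
    for number, field in exposed_entries(SAMPLE):
        print("line %d exposes: %s" % (number, field))
    print("bastion known:", entry_matches(SAMPLE.splitlines()[1].split()[0], "bastion.example.com"))
```

Setting HashKnownHosts yes only affects entries added afterwards; entries already in the file stay in clear until they are converted with `ssh-keygen -H`.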
