[IPython-dev] host completer patch

Fernando Perez fperez.net@gmail....
Mon Jul 16 12:07:44 CDT 2007


On 7/16/07, Gael Pasgrimaud <gawel@afpy.org> wrote:

> Ouch... I don't know this... I think this will break a lot of shell
> completers :(
>
> Not terribly useful for completion, I'm afraid :)
>
> Yes, but you can always put a HashKnownhosts no in your ~/.ssh/config

Which is a seriously bad idea from a security standpoint.  The hashing
of known_hosts is meant to contain the severity of a breakin of the
following type:

1. A host is compromised, and its password file taken.  The attacker
runs it through a password cracker, and then collects all the
passwords that did break.

2. The attacker inspects ~HOME/.ssh/known_hosts for all users
collected in #1, and now tries to log into other hosts with their same
passwords.  Chances are, in many cases he will succeed (people do
reuse passwords).

3. Go to 1.  The open known_hosts makes the spread of the problem
much, much faster (combined with other things, of course).


This is NOT hypothetical, in fact the only breakin I've ever been a
victim of had this pattern, and was made MUCH more serious thanks to
an unhashed known_hosts (it was an old mismanaged Solaris box, years
ago).


But we're in the business of being useful to people, not enforcing
policy on them.  I'd be happy to include your patch if you modify it
to include a docstring explaining the above, making very clear the
consequences of enabling it.  At least if people do this, they should
know *exactly* the exposure they are generating.

We will NOT enable the feature by default (since it's also quite
likely to not work in many new linux installations), but it will be
there for users who want it and are aware of the risks.

Cheers,

f


More information about the IPython-dev mailing list