I'm speaking at a conference next week about some software tools I've created. My laptop will be shown on a projector screen during this presentation. The presentation will be videotaped and posted on YouTube. If, for some reason, I have occasion to open and edit my `~/.ssh/known_hosts` file during this presentation, should I disconnect the projector while doing so? Is there any security risk to disclosing my known_hosts file?
Ssh – security risk to disclosing your SSH known_hosts file
Best Answer
The known_hosts file contains the trusted public keys for hosts you connected to in the past. These public keys can be obtained simply by trying to connect to these hosts. Therefore it is no security risk per se.
But: It contains a history of hosts you connected to. The information may be used by a potential attacker to footprint an organization's infrastructure, for example. It also informs potential attackers that you probably have access to certain hosts and that stealing your laptop will give them access as well.
Edit: To avoid showing your known_hosts file I recommend you use the `ssh-keygen` utility. `ssh-keygen -R ssh1.example.org`, for example, removes the trusted keys for `ssh1.example.org` from your known_hosts.
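To see what a known_hosts file would reveal on a projector, the following added example (not part of the original answer) lists the host names readable in plaintext and counts the entries stored in OpenSSH's hashed form, which is what `HashKnownHosts yes` or `ssh-keygen -H` produces. It goes slightly beyond the answer by covering hashed entries; the sample file, host names and key blobs are constructed placeholders.

```python
import base64, hashlib, hmac

def hash_host(hostname, salt):
    """Build the '|1|salt|hash' host field OpenSSH writes for hashed entries."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())

def matches_hashed(field, hostname):
    """True if a hashed host field was derived from this host name."""
    _, _, salt_b64, _ = field.split("|")
    expected = hash_host(hostname, base64.b64decode(salt_b64))
    return hmac.compare_digest(field, expected)

def audit(text):
    """Return (host names readable on screen, number of hashed entries)."""
    exposed, hashed = set(), 0
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0].startswith("@"):        # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:                  # malformed line, nothing to report
            continue
        hosts = fields[0]
        if hosts.startswith("|1|"):
            hashed += 1
            continue
        for h in hosts.split(","):           # comma-separated names/addresses
            if h.startswith("["):            # [host]:port form
                h = h[1:].split("]")[0]
            exposed.add(h)
    return exposed, hashed

# Constructed sample; key blobs are placeholders, not real keys.
SAMPLE = "\n".join([
    "# constructed sample",
    "ssh1.example.org,192.0.2.10 ssh-ed25519 AAAAC3PLACEHOLDER",
    "[git.example.org]:2222 ssh-rsa AAAAB3PLACEHOLDER",
    "@cert-authority *.example.org ssh-ed25519 AAAAC3PLACEHOLDER",
    hash_host("db.example.org", b"\x00" * 20) + " ssh-ed25519 AAAAC3PLACEHOLDER",
])

if __name__ == "__main__":
    names, hashed_count = audit(SAMPLE)
    print("readable host names:", sorted(names))
    print("hashed entries:", hashed_count)
```

Hashed entries keep the host name off the screen, but the hash still matches when the name is already known, so hashing limits casual disclosure rather than hiding the entry completely.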