Nmap Development mailing list archives
Re: ssh-hostkey enhancement
From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Thu, 26 Sep 2013 12:25:29 +0200
2013/9/21 Patrick Donnelly <batrick () batbytes com>:
On Fri, Sep 20, 2013 at 3:39 PM, Patrick Donnelly <batrick () batbytes com> wrote:On Thu, Sep 19, 2013 at 5:40 PM, Fyodor <fyodor () nmap org> wrote:Hi George. This is a neat feature but my initial thought is that if added to trunk, it should probably be off by default. Users who want it could then set known-hosts. Then again, if there are folks who would like to have it on by default, now is a good time to speak up.I told George to write it this way. I can understand hesitation towards reading ~/.ssh/known_hosts. My opinion is that this is a harmless improvement. However, I'm okay with this being turned on by the user although I worry the script's enhanced functionality won't see use as a result.Another option, possibly in addition to ~/.ssh/known_hosts, is to have a persistent ~/.nmap/known_hosts (?) so the user can track changes in ssh host keys. This has the benefit of not adding/reading the user's known_hosts file while giving Nmap a place to put keys it finds for future scans. -- Patrick Donnelly _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
After reading the Mariusz "mzet" Ziulek's post ( http://seclists.org/nmap-dev/2013/q3/638 ) I just had the thought that if the feature's going to be disabled by default, it probably somehow should give the user the hint that it can be turned on. Perhaps a message in the debug/verbose mode for example? Like when there are no hosts found, to let the user know that she can possibly expand the results? _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- ssh-hostkey enhancement George Chatzisofroniou (Sep 16)
- Re: ssh-hostkey enhancement Fyodor (Sep 19)
- Re: ssh-hostkey enhancement Jacek Wielemborek (Sep 19)
- Re: ssh-hostkey enhancement David Fifield (Sep 19)
- Re: ssh-hostkey enhancement George Chatzisofroniou (Sep 20)
- Re: ssh-hostkey enhancement Patrick Donnelly (Sep 20)
- Re: ssh-hostkey enhancement Patrick Donnelly (Sep 20)
- Re: ssh-hostkey enhancement Jacek Wielemborek (Sep 26)
- Re: ssh-hostkey enhancement George Chatzisofroniou (Sep 26)
- Re: ssh-hostkey enhancement Jacek Wielemborek (Sep 26)
- Re: ssh-hostkey enhancement Jacek Wielemborek (Sep 19)
- Re: ssh-hostkey enhancement Fyodor (Sep 19)