Re: ssh-hostkey enhancement

[Fyodor <fyodor () nmap org>]

On Mon, Sep 16, 2013 at 2:17 PM, George Chatzisofroniou
<sophron () latthi com>wrote:

> This enhancement makes a comparison with your known-hosts file. The
> new part of the output looks like this:
>
> PORT   STATE SERVICE REASON
> 22/tcp open  ssh     syn-ack
> | ssh-hostkey: Key comparison with known_hosts file:
> | GOOD Matches in known_hosts file:
> | L7: 195.19.117.60
> | L11: foo
> | L15: bar
> | L19: <unknown>
> | WRONG Matches in known_hosts file:
> | L3: 195.19.117.61
>
> This behavior is enabled by default. You can turn it off by setting
> the 'known-hosts' option to false.
>
> The script is smart enough to know where to find your known hosts
> file. It first checks the 'known-hosts-file' option. If it is not set,
> it looks in the ssh config file and parses the "UserKnownHostsFile"
> directive. If it can't find this directive, it simply looks for the
> file in your ~/.ssh/ folder.

Hi George.  This is a neat feature but my initial thought is that if added
to trunk, it should probably be off by default.  Users who want it could
then set known-hosts.  Then again, if there are folks who would like to
have it on by default, now is a good time to speak up.

Also, the output above does not show the actual host key fingerprint.  But
that's the main point of the current script.  Here's the current script's
output against scanme.nmap.org:

22/tcp open  ssh     OpenSSH 5.3p1 Debian 3ubuntu7 (Ubuntu Linux; protocol
2.0)
| ssh-hostkey: 1024 8d:60:f1:7c:ca:b7:3d:0a:d6:67:54:9d:69:d9:b9:dd (DSA)
|_2048 79:f8:09:ac:d4:e2:32:42:10:49:d3:bd:20:82:85:ec (RSA)

Cheers,
-F
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/