Ubuntu, ssh, known_hosts, tab completion
I have to look this up from time to time, putting it here.
On Ubuntu, they have ‘HashKnownHosts yes’ set by default in /etc/ssh_config. This is annoying if you want to use bash completion to tab complete host names for ssh. Change that to no, and you are all set.
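What the trade-off in the post looks like on disk, as an added example that is not part of the original post: plaintext known_hosts entries expose every name ssh has connected to (which is what completion reads), while hashed entries start with |1| and reveal nothing. The function names are hypothetical and the sample hosts and keys are constructed.

```shell
#!/bin/sh
# Added example; host names and keys are constructed placeholders.

# Print the host names that plaintext entries in known_hosts file $1 expose.
plaintext_hosts() {
    awk '
        NF == 0 || substr($1, 1, 1) == "#" { next }    # blank lines, comments
        { f = (substr($1, 1, 1) == "@") ? $2 : $1 }    # skip @cert-authority/@revoked
        substr(f, 1, 3) == "|1|" { next }              # hashed: name not recoverable
        {
            n = split(f, names, ",")
            for (i = 1; i <= n; i++) {
                h = names[i]
                if (h ~ /[*?!]/) continue              # patterns, not concrete hosts
                sub(/^\[/, "", h); sub(/\]:[0-9]+$/, "", h)   # [host]:port form
                print h
            }
        }' "$1" | sort -u
}

# Count entries whose host field is hashed (HashKnownHosts yes).
hashed_count() {
    awk '
        NF == 0 || substr($1, 1, 1) == "#" { next }
        { f = (substr($1, 1, 1) == "@") ? $2 : $1 }
        substr(f, 1, 3) == "|1|" { c++ }
        END { print c + 0 }' "$1"
}

# Write a constructed sample known_hosts file to $1.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
web1.example.com,192.0.2.10 ssh-ed25519 AAAAC3constructedkey1
[bastion.example.com]:2222 ssh-ed25519 AAAAC3constructedkey2
|1|Y29uc3RydWN0ZWRzYWx0|Y29uc3RydWN0ZWRoYXNo ssh-ed25519 AAAAC3constructedkey3
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "names visible to completion, and to anyone who can read the file:"
plaintext_hosts "$sample"
echo "hashed entries: $(hashed_count "$sample")"
rm -f "$sample"
```

Running `ssh-keygen -H -f ~/.ssh/known_hosts` converts any remaining plaintext entries to hashed form.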
Can’t you just add the hosts to /etc/hosts? That increases your security, to boot!
I am not sure I follow?
Switch your bash completion to use /etc/hosts instead of ~/.ssh/known_hosts. e.g.
complete_hosts() {
    # Offer every non-comment word in /etc/hosts (addresses and names) as a completion
    COMPREPLY=( $( compgen -W '$( command grep -v ^# /etc/hosts )' -- "${COMP_WORDS[COMP_CWORD]}" ) );
}
complete -F complete_hosts ping
complete -F complete_hosts ssh
Oh, I see. Well that’s a little less convenient. When you accept the key, it puts the ip/hostname in known_hosts for you. Less typing! :)
Plus I don’t usually put things in /etc/hosts unless I have to. I have a habit of forgetting, and then when there is DNS trouble, I sit there saying “Works fine here, must be a user error” :)
Ok, so basically you’re disabling an Ubuntu default in order to gain more convenience? But did you lose some security in doing so?
Like in Ubuntu, do they tweak your default bash_logout to remove ssh/scp/etc. entries?
Yes, there is a slight hit to security. I think it’s worth it.
No, they do not remove those that I am aware of.
there’s a good write-up on http://lwn.net/Articles/135506/
basically, use hashknownhosts and set HISTIGNORE="ssh *:scp *" in your shell to up security.
if you use gpg-agent, you could even encrypt your ~/etc/hosts and decrypt on the fly for use in completions. ;)
Not everything is worth my time ;)