From: Phil Hagelberg
Newsgroups: gmane.emacs.devel
Subject: Re: Pcompletion for ssh and scp
Date: Wed, 05 Dec 2007 12:16:29 -0800
Message-ID: <85zlwolwwy.fsf@evri.com>
References: <85d4tmm6pc.fsf@evri.com>
In-Reply-To: (Stefan Monnier's message of "Tue, 04 Dec 2007 21:10:34 -0500")
To: Stefan Monnier
Cc: emacs-devel@gnu.org
List-Id: "Emacs development discussions."
Xref: news.gmane.org gmane.emacs.devel:84744

Stefan Monnier writes:

> All my known_hosts files have "hostnames" that are encoded in the
> following way:
>
> |1|bXOTR5GrVkVH4ABavbfZ7f2G0EQ=|drXHp56kwVXBTdc/f92649SXiTw=
>
> I don't know how widespread this is, but I haven't made anything special
> to get them: I'm using the standard Debian package without any special
> configuration in this respect, so for your feature to be useful I think
> it needs to handle this case.

Yeah, I mentioned this in the header of the file but forgot to include a
note in my email:

;;; Commentary:

;; This will allow eshell to autocomplete SSH hosts from the list of
;; known hosts in your ~/.ssh/known_hosts file. Note that newer
;; versions of ssh hash the hosts by default to prevent Island-hopping
;; SSH attacks. (https://itso.iu.edu/Hashing_the_OpenSSH_known__hosts_File)

;; You can disable this by putting the following line in your ~/.ssh/config
;; file following the "Host *" directive:

;; HashKnownHosts no

;; Note that this will make you vulnerable to the Island-hopping
;; attack described in the link above if you allow key-based
;; passwordless logins and your account is compromised.

I don't think there's any way to "handle this case" other than making
the user turn off the "hash all hostnames" feature since it is meant to
be one-way to prevent island-hopping attacks.

I would like to remove hashed entries, but I'm not sure if there's a
reliable programmatic way to distinguish them from actual hostnames.
I suppose it could assume that any entry over a certain length is likely
to be garbage, but I'd rather not do that if there's a better way. Any
suggestions?

It's a simple fix, but it requires user intervention. I think recent
Debians and derivatives hash by default; not sure what else does.

-Phil
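Editor's note, added to this thread and not part of Phil's eshell code or of the original message: hashed known_hosts entries can be told apart from plain hostnames without any length heuristic, because OpenSSH writes them with a fixed `|1|` prefix followed by a base64 salt and a base64 HMAC-SHA1 of the hostname keyed with that salt. The Python below (an added example; the known_hosts lines, the fixed salt and the key material in it are constructed samples) parses a known_hosts file, classifies each entry, collects only the plain hostnames a completer could safely offer, and shows the one-way check that ssh itself performs when it matches a host against a hashed line. It skips wildcard and negated patterns and `@revoked` lines, and rejects malformed hashed fields rather than treating them as hostnames.

```python
"""Classify ~/.ssh/known_hosts entries as plain or hashed (added example, not project code)."""
import base64
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional

HASH_MAGIC = "|1|"   # prefix OpenSSH writes when HashKnownHosts is enabled
SALT_LEN = 20        # OpenSSH uses a salt the size of an HMAC-SHA1 digest


@dataclass
class KnownHost:
    hashed: bool
    hosts: list                 # plain host patterns; empty for hashed entries
    salt: Optional[bytes]
    digest: Optional[bytes]
    keytype: str
    marker: Optional[str]       # "@cert-authority", "@revoked" or None


def hash_hostname(host: str, salt: bytes) -> str:
    """Build the '|1|salt|hash' host field the way OpenSSH does: HMAC-SHA1 keyed with the salt."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return HASH_MAGIC + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def parse_line(line: str) -> Optional[KnownHost]:
    """Parse one known_hosts line; returns None for blanks, comments and malformed lines."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    marker = fields.pop(0) if fields[0].startswith("@") else None
    if len(fields) < 3:          # need host field, key type and key material
        return None
    hostfield, keytype = fields[0], fields[1]
    if hostfield.startswith(HASH_MAGIC):
        try:
            _, _, salt_b64, mac_b64 = hostfield.split("|")
            salt = base64.b64decode(salt_b64, validate=True)
            digest = base64.b64decode(mac_b64, validate=True)
        except ValueError:       # wrong field count or invalid base64
            return None
        if len(salt) != SALT_LEN or len(digest) != hashlib.sha1().digest_size:
            return None
        return KnownHost(True, [], salt, digest, keytype, marker)
    return KnownHost(False, hostfield.split(","), None, None, keytype, marker)


def completion_candidates(text: str) -> list:
    """Hostnames a shell completer may offer: plain, non-wildcard, non-revoked entries only."""
    seen = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None or entry.hashed or entry.marker == "@revoked":
            continue
        for pattern in entry.hosts:
            name = pattern
            if name.startswith("[") and "]:" in name:   # "[host]:port" form
                name = name[1:name.index("]:")]
            if name.startswith("!") or "*" in name or "?" in name:
                continue
            if name not in seen:
                seen.append(name)
    return seen


def matches_hashed(entry: KnownHost, host: str) -> bool:
    """One-way check of a candidate hostname against an entry, as ssh-keygen -F performs it."""
    if not entry.hashed:
        return host in entry.hosts
    mac = hmac.new(entry.salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(mac, entry.digest)


def count_entries(text: str) -> tuple:
    """Return (plain, hashed) counts; useful to tell a user why completion is empty."""
    entries = [e for e in map(parse_line, text.splitlines()) if e is not None]
    hashed = sum(1 for e in entries if e.hashed)
    return len(entries) - hashed, hashed


# Constructed sample file: hostnames, salt and key material are made up for this example.
SALT = bytes(range(SALT_LEN))
SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed sample, not a real known_hosts file",
    "bastion.example.org,192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterial",
    "[git.example.org]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQExampleKeyMaterial",
    "@cert-authority *.example.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleCAKey",
    hash_hostname("build.example.net", SALT) + " ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyMaterial",
])

if __name__ == "__main__":
    print("plain/hashed:", count_entries(SAMPLE_KNOWN_HOSTS))
    print("completion candidates:", completion_candidates(SAMPLE_KNOWN_HOSTS))
```

The salt makes the hash one-way in the sense the thread discusses: a reader of the file cannot recover the hostname, but a client that already knows the hostname can confirm it, which is why a completer can only ever offer the plain entries and the hashed ones must simply be skipped.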