Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: ssh-hostkey enhancement
From: Fyodor <fyodor () nmap org>
Date: Thu, 19 Sep 2013 14:40:08 -0700

On Mon, Sep 16, 2013 at 2:17 PM, George Chatzisofroniou
<sophron () latthi com>wrote:

This enhancement makes a comparison with your known-hosts file. The
new part of the output looks like this:

PORT   STATE SERVICE REASON
22/tcp open  ssh     syn-ack
| ssh-hostkey: Key comparison with known_hosts file:
| GOOD Matches in known_hosts file:
| L7: 195.19.117.60
| L11: foo
| L15: bar
| L19: <unknown>
| WRONG Matches in known_hosts file:
| L3: 195.19.117.61

This behavior is enabled by default. You can turn it off by setting
the 'known-hosts' option to false.

The script is smart enough to know where to find your known hosts
file. It first checks the 'known-hosts-file' option. If it is not set,
it looks in the ssh config file and parses the "UserKnownHostsFile"
directive. If it can't find this directive, it simply looks for the
file in your ~/.ssh/ folder.


Hi George.  This is a neat feature but my initial thought is that if added
to trunk, it should probably be off by default.  Users who want it could
then set known-hosts.  Then again, if there are folks who would like to
have it on by default, now is a good time to speak up.

Also, the output above does not show the actual host key fingerprint.  But
that's the main point of the current script.  Here's the current script's
output against scanme.nmap.org:

22/tcp open  ssh     OpenSSH 5.3p1 Debian 3ubuntu7 (Ubuntu Linux; protocol
2.0)
| ssh-hostkey: 1024 8d:60:f1:7c:ca:b7:3d:0a:d6:67:54:9d:69:d9:b9:dd (DSA)
|_2048 79:f8:09:ac:d4:e2:32:42:10:49:d3:bd:20:82:85:ec (RSA)

Cheers,
-F
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault