- djm@cvs.openbsd.org 2005/03/01 10:40:27

     [hostfile.c hostfile.h readconf.c readconf.h ssh.1 ssh_config.5]
     [sshconnect.c sshd.8]
     add support for hashing host names and addresses added to known_hosts
     files, to improve privacy of which hosts user have been visiting; ok
     markus@ deraadt@

1 files changed, 16 insertions, 1 deletions

diff --git a/ssh_config.5 b/ssh_config.5
index 6b6cfc5e..9077acbe 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.43 2005/03/01 10:09:52 djm Exp $
+.\" $OpenBSD: ssh_config.5,v 1.44 2005/03/01 10:40:27 djm Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -407,6 +407,21 @@ Forward (delegate) credentials to the server.
 The default is
 .Dq no .
 Note that this option applies to protocol version 2 only.
+.It Cm HashKnownHosts
+Indicates that
+.Nm ssh
+should hash host names and addresses when they are added to
+.Pa $HOME/.ssh/known_hosts .
+These hashed names may be used normally by
+.Nm ssh
+and
+.Nm sshd ,
+but they do not reveal identifying information should the file's contents
+be disclosed.
+The default is
+.Dq no .
+Note that hashing of names and addresses will not be retrospectively applied 
+to existing known hosts files.
 .It Cm HostbasedAuthentication
 Specifies whether to try rhosts based authentication with public key
 authentication.