On Sun, Jul 03, 2005 at 03:28:15PM +0200, Bernd Eckenfels wrote:
> In article <[EMAIL PROTECTED]> you wrote:
> > That's true, and unavoidable in this scheme; but the use case (beyond
> > fastidiousness) for this is not clear to me.
>
> Well, how do you audit the files and purge stale entries.

That comes under "fastidiousness" as far as I'm concerned: the only benefits I see from bothering to do that are (a) negligible performance differences and (b) hiding of old information, which HashKnownHosts gives you anyway. I don't see how it's required for normal use. Joe User is never going to garbage-collect his known_hosts file; heck, even I have better things to do. The only time I've ever removed entries from known_hosts is when I know that a specific host's key has changed, and 'ssh-keygen -R' deals with that just fine.

(Of course, people with unusual requirements can always disable HashKnownHosts, but I'm interested in a sane default.)

Cheers,

-- 
Colin Watson [EMAIL PROTECTED]
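
Why removal by name still works on a hashed file, as an added sketch that is not part of the original message and is not OpenSSH's code: a hashed host field is `|1|salt|HMAC-SHA1(salt, hostname)`, so entries cannot be listed by name but a known name can be tested against each one. The function names, host names and key blobs below are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

def hash_host(host, salt=None):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    salt = salt or os.urandom(20)
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())

def field_matches(field, host):
    """True if one known_hosts host field names `host` (hashed or plain)."""
    if field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt = base64.b64decode(salt_b64)
            mac = base64.b64decode(mac_b64)
        except ValueError:
            return False  # malformed hashed field: never matches
        expected = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, expected)
    return host in field.split(",")  # unhashed entry: comma-separated names

def remove_host(lines, host):
    """Return (kept_lines, removed_count), dropping entries for `host`."""
    kept, removed = [], 0
    for line in lines:
        parts = line.split()
        if parts and not line.startswith("#") and field_matches(parts[0], host):
            removed += 1
        else:
            kept.append(line)
    return kept, removed

# Constructed sample file: placeholder key blobs, hypothetical host names.
SAMPLE = [
    "# constructed known_hosts sample",
    hash_host("old.example.org") + " ssh-rsa AAAAB3PLACEHOLDER1",
    hash_host("build.example.org") + " ssh-rsa AAAAB3PLACEHOLDER2",
    "plain.example.org,192.0.2.7 ssh-rsa AAAAB3PLACEHOLDER3",
]

if __name__ == "__main__":
    kept, n = remove_host(SAMPLE, "old.example.org")
    print(n, "entry removed;", len(kept), "lines kept")
```

Purging entries for hosts whose names are no longer remembered is the case this cannot cover, since each candidate name has to be supplied before it can be tested.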