SSH HashKnownHosts File Format

The HashKnownHosts option to the OpenSSH client causes it obfuscate the host field of the ~/.ssh/known_hosts file. Obfuscating this information makes it harder for threat actors (malware, border searches, etc...) to know which hosts you connect to via SSH.

Hashing defaults to off, but some platforms turn it on for you:

 chris:~$ grep Hash /etc/ssh/ssh_config   
   HashKnownHosts yes  
 chris:~$

Here's an entry from my known_hosts file:

 |1|NWpzcOMkWUFWapbQ2ubC4NTpC9w=|ixkHdS+8OWezxVQvPLOHGi2Oawo= ecdsa-sha2-nistp256 AAAAE2Vj<...>ZHNLpyJsv

There's one record per line, with the fields separated by spaces. The first field is the remote host (SSH server) identifier.

In this case, the leading characters |1| in the host identifier are the magic string (HASH_MAGIC). It tells us that the field is hashed, rather than a plaintext hostname (or address). The remaining characters in the field comprise two parts: a 160-bit salt (random string) and a 160-bit SHA1 hash result. Both values are base64 encoded.

The various OpenSSH binaries that use information in this file feed both the remote hosts name (or address) and the salt to the hashing function in order to produce the hash result:


So, lets validate a host entry against this record the hard way. The entry above is for an IP address: Continue reading

IDG Contributor Network: Minimum viable operations: Failure IS an option in a networked world

In the world of ever-more complex systems, there is nothing more fragile than an attempt to make nothing fail. A system that assumes that everything must work is a system designed to fail. The reality of the world is that things will fail, and those cannot bring down the whole business. As British Airways has amply demonstrated, a fragile system where everything fails is not good for business.Many years ago I wrote some posts on the challenges of five nines in a distributed world, and as systems become ever more about delivering functionality through a combination of services, micro-services and networks so the importance of designing for failure becomes ever more important, and the foundation of designing for failure is assuming it will happen.To read this article in full or to leave a comment, please click here

IDG Contributor Network: Minimum viable operations: Failure IS an option in a networked world

In the world of ever-more complex systems, there is nothing more fragile than an attempt to make nothing fail. A system that assumes that everything must work is a system designed to fail. The reality of the world is that things will fail, and those cannot bring down the whole business. As British Airways has amply demonstrated, a fragile system where everything fails is not good for business.Many years ago I wrote some posts on the challenges of five nines in a distributed world, and as systems become ever more about delivering functionality through a combination of services, micro-services and networks so the importance of designing for failure becomes ever more important, and the foundation of designing for failure is assuming it will happen.To read this article in full or to leave a comment, please click here

Supporting Internet Development in The Gambia

Dawit Bekele, the Internet Society’s Regional Bureau Director for Africa, paid a visit to The Gambia from 17-18 September 2017. This was the first time a senior Internet Society staff visited The Gambia with the intention of meeting Internet Society Gambia chapter leadership, members, and local partners. The aim was to discuss our past and future plans for more engagement and future Internet development. It was also an opportunity to raise the profile of the Internet Society Gambia Chapter.

During his short visit, Dawit Bekele and the Internet Society Gambia chapter executives took the opportunity to meet with the Minister, Ministry of Information and Communication Infrastructure (MOICI), Honorable Demba Jawo.

The team also visited and met with the Management of The Gambia’s Public Utilities and Regulatory Agency (PURA) as well as the Chairperson of the Serrekunda Internet Exchange Point SIXP, Mrs. Isatou Jah. Among the topics discussed was the way forward in fostering partnership with local stakeholders in supporting Internet development, security, and capacity building.

The official visit was preceded by a visit to the Internet Society Gambia office where the team met with the Director General of The Association of Non-Governmental Organizations (TANGO), Mr. Ousman Yabo, and toured the Continue reading

IDG Contributor Network: What you’ll need when the big Internet of Things breakout occurs

The Internet of Things (IoT) sometimes has the feel of a trend that’s forever going to be on the cusp of a huge breakout. Figures fly around about the projected size of the IoT and they’re always massive (such as the 50 billion devices Cisco predicted by 2020). But the number of things in the IoT is already counted in the 8 billion to 15 billion range. So, shouldn’t we be seeing more from the IoT by now? Based on what leaders are saying in a survey commissioned by Verizon, we soon will.To read this article in full or to leave a comment, please click here

IDG Contributor Network: What you’ll need when the big Internet of Things breakout occurs

The Internet of Things (IoT) sometimes has the feel of a trend that’s forever going to be on the cusp of a huge breakout. Figures fly around about the projected size of the IoT and they’re always massive (such as the 50 billion devices Cisco predicted by 2020). But the number of things in the IoT is already counted in the 8 billion to 15 billion range. So, shouldn’t we be seeing more from the IoT by now? Based on what leaders are saying in a survey commissioned by Verizon, we soon will.To read this article in full or to leave a comment, please click here

IDG Contributor Network: What you need when the big breakout for the Internet of Things arrives

The Internet of Things (IoT) sometimes has the feel of a trend that’s forever going to be on the cusp of a huge breakout. Figures fly around about the projected size of the IoT and they’re always massive (such as the 50 billion devices Cisco predicted by 2020). But the number of things in the IoT is already counted in the 8 billion to 15 billion range. So, shouldn’t we be seeing more from the IoT by now? Based on what leaders are saying in a survey commissioned by Verizon, we soon will.To read this article in full or to leave a comment, please click here

IDG Contributor Network: What you need when the big breakout for the Internet of Things arrives

The Internet of Things (IoT) sometimes has the feel of a trend that’s forever going to be on the cusp of a huge breakout. Figures fly around about the projected size of the IoT and they’re always massive (such as the 50 billion devices Cisco predicted by 2020). But the number of things in the IoT is already counted in the 8 billion to 15 billion range. So, shouldn’t we be seeing more from the IoT by now? Based on what leaders are saying in a survey commissioned by Verizon, we soon will.To read this article in full or to leave a comment, please click here

Update: Arista Data Center Switches

In the past 5+ years I ran at least one Data Center Fabrics Update webinar per year to cover new hardware and software launched by data center switching vendors.

The rate of product and feature launches in data center switching market is slowing down, so I decided to insert the information on new hardware and software features launched in 2017 directly into the merged videos describing the progress various vendors made in the last years.

First in line: Arista EOS. You can access the videos if you bought the webinar recording in the past or if you have an active ipSpace.net subscription.

Oracle Emulates Google, AWS On Its Cloud

During the dot-com boom, when Oracle was the dominant supplier of relational databases to startups and established enterprises alike, it used its profits to fund the acquisition of application serving middleware, notably BEA WebLogic, and then applications, such as PeopleSoft and Siebel, and then Java and hardware systems, from its acquisition of Sun Microsystems. It was an expensive proposition, but one that paid off handsomely for the software giant.

In the cloud and hyperscale era, open source middleware is the driving force and in a lot of cases there is nothing to acquire. Projects either go open themselves or are

Oracle Emulates Google, AWS On Its Cloud was written by Timothy Prickett Morgan at The Next Platform.

The Most Important Participant in the Internet Ecosystem

The Internet is borderless, decentralised and indiscriminate, and it can empower people across class, colour and social status. But one question has always intrigued me: How can the universality of the Internet be ensured and sustained? I received the theoretical response to this question at the Pakistan School on Internet Governance in 2016 where I learned about the multistakeholder model and community-driven approaches to addressing the broad range of complex issues of the Internet ecosystem. Being part of a telecom regulator in South Asia that generally follows the chain of command, the idea of inclusive policies and programmes was truly a revelation. I decided to explore further and applied for a fellowship to the 2017 Asia-Pacific Regional Internet Governance Forum (APrIGF) and the Asia-Pacific School on Internet Governance (APSIG).

APSIG kicked off on 22 July, followed by APrIGF that ended on 29 July in the beautiful city of Bangkok, Thailand. APSIG had a fantastic line up of speakers that touched upon advanced topics like the Internet governance ecosystem, data governance, cybersecurity, Internet of Things governance, gender equality and the digital economy. The learnings I gained from APSIG laid an ideal foundation for me to contribute to Continue reading

1 1,892 1,893 1,894 1,895 1,896 3,856