Date: Tue, 1 Jul 2014 07:11:07 -0800
From: Royce Williams <>
Subject: Re: ssh known_hosts support?

On Mon, Jun 23, 2014 at 7:31 AM, Royce Williams <> wrote:
> The 'HashKnownHosts' ssh config option enables hashing of IPs and
> hostnames in the ~/.known_hosts file.  From the man page:
> Indicates that ssh(1) should hash host names and addresses when they
> are added to ~/.ssh/known_hosts. These hashed names may be used
> normally by ssh(1) and sshd(8), but they do not reveal identifying
> information should the file's contents be disclosed. The default is
> “no”. Note that existing names and addresses in known hosts files will
> not be converted automatically, but may be manually hashed using
> ssh-keygen(1). Use of this option may break facilities such as
> tab-completion that rely on being able to read unhashed host names
> from ~/.ssh/known_hosts.
> A brief description of the method is at:
> The description includes using as an example:
> [quoting]
> |1|F1E1KeoE/eEWhi10WpGv4OdiO6Y=|3988QV0VE8wmZL7suNrYQLITLCg= ssh-rsa ...
> where the first part F1E1KeoE/eEWhi10WpGv4OdiO6Y= is a random salt -
> that acts as a key for the HMAC-SHA1 to hash
> [ ... snip ... ]
> #### key=`echo F1E1KeoE/eEWhi10WpGv4OdiO6Y= | base64 -d | xxd -p`
> #### echo -n "" | openssl sha1 -mac HMAC -macopt
> hexkey:$key|awk '{print $2}' | xxd -r -p|base64
> 3988QV0VE8wmZL7suNrYQLITLCg=
> [end quote]
> What would be the best path to using john for this purpose?

To clarify, I am trying to determine if john can be used to
brute-force the hashed contents of the ssh known_hosts file if the
"HashKnownHosts" option has been enabled.  This option has been
available in OpenSSH for at least a decade.  A system that I maintain
had the option enabled without my knowledge, and I would like to
explore the contents.  The openssl commandline example above should
(hopefully) capture the method used.

Here's another working example.  If the known_hosts host is 'max',
then running this script against it:

... as referenced here:

... has output of the form:


... and produces:

max |1|s078zpeKmv6WhspVeOo1p7tnDwY=|UrHkAH4ngqU2yfF6KOI02JBglvA=

Can john currently support cracking this hash (or maybe with a little
knownhosts2john development)?  If not, how much work/time might it
take, and what kind of bounty/donation might be appropriate for the
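
The hashing scheme described in the message above, as an added Python example that is not part of the original post or of john: it parses `|1|salt|hash` host fields and checks a list of candidate names against them, which is how a maintainer can audit which inventory hosts a hashed known_hosts file contains. The function names, the salt and the lines in `SAMPLE` are constructed for illustration.

```python
import base64
import hashlib
import hmac

def parse_hashed_host(field):
    """Split a '|1|salt|hash' host field into raw (salt, digest) bytes."""
    parts = field.split("|")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "1":
        raise ValueError("not a HashKnownHosts (|1|) field")
    salt = base64.b64decode(parts[2], validate=True)
    digest = base64.b64decode(parts[3], validate=True)
    if len(digest) != hashlib.sha1().digest_size:
        raise ValueError("hash is not a SHA-1 sized value")
    return salt, digest

def hash_host(name, salt):
    """Build the host field for name: HMAC-SHA1 keyed with the salt."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def find_hosts(lines, candidates):
    """Return {line number: candidate name} for hashed entries that match."""
    found = {}
    for lineno, line in enumerate(lines, 1):
        tokens = line.split()
        if not tokens or tokens[0].startswith("#"):
            continue
        # A leading marker such as @revoked shifts the host field by one.
        field = tokens[1] if tokens[0].startswith("@") and len(tokens) > 1 else tokens[0]
        try:
            salt, digest = parse_hashed_host(field)
        except ValueError:
            continue  # plain-text or malformed host field: nothing to test
        for name in candidates:
            mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
            if hmac.compare_digest(mac, digest):
                found[lineno] = name
                break
    return found

SALT = bytes(range(20))  # constructed salt, stands in for the random one
SAMPLE = [               # constructed lines, not taken from a real system
    "# inventory check sample",
    hash_host("max", SALT) + " ssh-rsa AAAA-constructed-key",
    "build.example.org ssh-ed25519 AAAA-constructed-key",
    hash_host("[gw.example.org]:2222", SALT) + " ssh-rsa AAAA-constructed-key",
]

if __name__ == "__main__":
    print(find_hosts(SAMPLE, ["alpha", "max", "[gw.example.org]:2222"]))
```

Candidates must be spelled as ssh stores them, so a host on a non-default port is tried as `[name]:port`.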

