
System Administrators: Please Do NOT Run make-ssh-known-hosts!

ssh is a secure encrypted replacement for telnet and rlogin, and we encourage all system administrators to offer ssh on any multiuser host they administer. However, some ssh installation instructions we've seen direct the administrator to run make-ssh-known-hosts as part of the ssh installation process. We ask that you NOT, repeat NOT, run make-ssh-known-hosts if/when you install ssh.

Why?

make-ssh-known-hosts attempts to walk all hosts in a given domain, retrieving the public keys from all the hosts that are running ssh in that domain.

In a relatively large network such as the University of Oregon's, that can generate a tremendous amount of unnecessary traffic, and it can also trigger intrusion logging software on many hosts as ssh connections from unexpected hosts are observed.

Because ssh will automatically accumulate public keys from the hosts you use as you connect to them, there is no need to routinely run make-ssh-known-hosts.


Fall 1999 Computing News | Computing Center Home Page