Why is exposing known_hosts dangerous?

I have been looking into automating builds using Git and Docker. One of the tools I find useful is ssh-keyscan, which adds the result to known_hosts and allows you to bypass the ‘fingerprint’ prompt when cloning a repository for the first time.

I read a comment which pretty much says that exposing this file is dangerous. I thought keyscan just adds a bunch of public keys to your known_hosts file. Why is this dangerous if anyone sees this – can they not get the exact same public keys using the same tool?

I would have thought that in the link, adding a private ssh key to the docker container would be the dangerous part since this is the part you aren’t meant to share.
