[Bug 2400] New: StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon May 18 11:16:35 AEST 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2400

            Bug ID: 2400
           Summary: StrictHostKeyChecking=no behaviour on HOST_CHANGED is
                    excessively insecure
           Product: Portable OpenSSH
           Version: 6.8p1
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: mik at miknet.net

The legacy behaviour of StrictHostKeyChecking=no involves allowing
connections even if the host key has changed.  What most deployments
want when they set this is just TOFU.

It is common for batch processing and cluster systems to deploy with
this option permanently set, completely undermining the security of
such systems - for example, an attacker could intercept a data
processing stage to steal a copy of all of the private data.

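As an added example, not part of the bug report or of OpenSSH itself: a small POSIX shell audit that finds ssh_config stanzas carrying the legacy `StrictHostKeyChecking no` setting and rewrites them to `accept-new`, which gives the TOFU the reporter describes while still refusing a changed key. The sample config is constructed, and `accept-new` assumes clients running OpenSSH 7.6 or newer, where that value exists.

```shell
# Added example (not from the bug report or OpenSSH): audit an ssh_config for
# the legacy "StrictHostKeyChecking no" setting, which accepts a CHANGED host
# key, and rewrite it to "accept-new" (OpenSSH 7.6+, assumed here), which keeps
# TOFU for unknown hosts but refuses a changed key.
# Constructed sample config of the kind a batch or cluster system might ship.
make_sample_config() {
  cat > "$1" <<'EOF'
Host *
    ServerAliveInterval 30

Host worker-*
    User batch
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

Host bastion
    StrictHostKeyChecking=yes
EOF
}

# Print "<stanza>: line N" for every stanza that disables host key checking.
# Accepts both "Option value" and "Option=value" spellings, case-insensitively.
find_weak_stanzas() {
  awk '
    BEGIN { stanza = "(global)" }
    /^[ \t]*#/ { next }
    tolower($1) == "host" || tolower($1) == "match" {
      sub(/^[ \t]*[^ \t]+[ \t]+/, ""); stanza = $0; next
    }
    {
      line = $0; sub(/^[ \t]+/, "", line)
      split(line, kv, "[ \t=]+")
      if (tolower(kv[1]) == "stricthostkeychecking" && tolower(kv[2]) == "no")
        print stanza ": line " NR
    }' "$1"
}

# Emit the config with each weak line replaced by accept-new (indent preserved).
harden_config() {
  awk '{
      line = $0; sub(/^[ \t]+/, "", line)
      split(line, kv, "[ \t=]+")
      if (tolower(kv[1]) == "stricthostkeychecking" && tolower(kv[2]) == "no") {
        match($0, /^[ \t]*/)
        print substr($0, 1, RLENGTH) "StrictHostKeyChecking accept-new"
      } else print
    }' "$1"
}
```

Run `make_sample_config cfg; find_weak_stanzas cfg; harden_config cfg > cfg.fixed` to see the weak stanza reported and the rewritten file. On clients older than 7.6, the equivalent is `StrictHostKeyChecking yes` with a pre-populated known_hosts.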
