[Bug 2400] StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon May 18 16:05:29 AEST 2015


https://bugzilla.mindrot.org/show_bug.cgi?id=2400

mik at miknet.net changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mik at miknet.net

--- Comment #1 from mik at miknet.net ---
From the man page:
If this flag is set to “no”, ssh will automatically add new host keys
to the user known hosts files.

No mention of the HOST_CHANGED behaviour, so even somebody who mostly
knows what they're doing is likely to get it wrong.  Most people who
use this option are better off with certificates now (or
StrictHostKeyChecking=yes + ssh-keyscan).

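Added example, not part of the original message or of OpenSSH: the comment's "StrictHostKeyChecking=yes + ssh-keyscan" route only helps if the scanned key is verified, because ssh-keyscan fetches keys over the same unauthenticated network path. This sketch filters unhashed ssh-keyscan output against SHA256 fingerprints obtained out of band before anything is written to known_hosts; the host name, pin table, function names and keys are constructed for illustration.

```python
import base64
import hashlib
import struct


def sha256_fingerprint(key_b64):
    """OpenSSH-style fingerprint: SHA256 of the raw key blob, base64 without padding."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def vet_keyscan(scan_output, pins):
    """Return only the known_hosts lines whose key matches its pinned fingerprint.

    pins maps host name -> fingerprint obtained out of band (console, config
    management, the host's administrator). Unpinned, malformed or mismatching
    entries are dropped, so a substituted key never reaches known_hosts and
    StrictHostKeyChecking=yes will refuse the connection.
    """
    accepted = []
    for line in scan_output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue  # blank line, short line or ssh-keyscan comment
        host, keytype, key_b64 = fields[:3]
        try:
            fingerprint = sha256_fingerprint(key_b64)
        except ValueError:  # key field is not valid base64
            continue
        if pins.get(host) == fingerprint:
            accepted.append(f"{host} {keytype} {key_b64}")
    return accepted


def constructed_key(seed):
    """Build a well-formed ssh-ed25519 key blob from a seed (constructed sample, not a real host key)."""
    raw = hashlib.sha256(seed).digest()  # 32 bytes, the size of an Ed25519 public key
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(blob).decode()


GOOD = constructed_key(b"genuine host")      # key the administrator published
ROGUE = constructed_key(b"interposed host")  # key returned by someone on the path
PINS = {"build.example.org": sha256_fingerprint(GOOD)}

if __name__ == "__main__":
    print(vet_keyscan(f"build.example.org ssh-ed25519 {GOOD}\n", PINS))   # accepted
    print(vet_keyscan(f"build.example.org ssh-ed25519 {ROGUE}\n", PINS))  # rejected: []
```

Only the lines returned by `vet_keyscan` should be appended to the known hosts file; a host with no pin is treated the same as a mismatch.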