[Bug 2894] New: Set UpdateHostKeys for interactive sessions to 'ask' (or consider defaulting to 'yes')
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sat Aug 11 22:08:05 AEST 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2894
Bug ID: 2894
Summary: Set UpdateHostKeys for interactive sessions to 'ask'
(or consider defaulting to 'yes')
Product: Portable OpenSSH
Version: 7.7p1
Hardware: Other
OS: Other
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: db+mindrot at d1b.org
Set UpdateHostKeys for interactive invocations of ssh client to 'ask'
by default.
( Related this request, I notice that Fabric,
http://docs.fabfile.org/en/1.14/usage/ssh.html, defaults to loading and
using the known_hosts file **but** reject_unknown_hosts defaults to
false (so hosts that have never "been seen" are allowed) this combined
with Fabric seemingly preferring an rsa host key while I had an ecdsa
host key for $host would have allowed MITM attacks. )
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list