[Bug 2822] New: manpage: trojan horse vs. man-in-the-middle

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue Jan 23 16:21:16 AEDT 2018


            Bug ID: 2822
           Summary: manpage: trojan horse vs. man-in-the-middle
           Product: Portable OpenSSH
           Version: 7.5p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: maikel at predikkta.com


The `ssh_config` man page may be slightly confusing about
StrictHostKeyChecking. I found this sentence:

    This provides maximum protection against trojan horse attacks

I always thought the option protects against man-in-the-middle attacks.
I think if the user or the server is compromised via a trojan horse,
the connection is most likely compromised as well, regardless of host
key checking.

You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list