bugzilla-daemon at mindrot.org
2025-Jan-15  13:11 UTC
[Bug 3775] New: Docs: ssh-keyscan is like `StrictHostKeyChecking=no`, but few know that.
https://bugzilla.mindrot.org/show_bug.cgi?id=3775
            Bug ID: 3775
           Summary: Docs: ssh-keyscan is like `StrictHostKeyChecking=no`,
                    but few know that.
           Product: Portable OpenSSH
           Version: 9.9p1
          Hardware: Other
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-keyscan
          Assignee: unassigned-bugs at mindrot.org
          Reporter: info at thomas-guettler.de
I have seen a lot of usage of ssh-keyscan in GitHub Actions.
This is like using `StrictHostKeyChecking=no`, but only a few people
seem to realize that.
Man-in-the-middle attacks are possible if you use ssh-keyscan.
Please update the man page and the `--help` output and mention that.
-- 
You are receiving this mail because:
You are watching the assignee of the bug.
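
The concern in the report, worked through as an added example (not part of the bug report or of OpenSSH): keys fetched over the network by ssh-keyscan are compared with a key pinned out of band before anything is written to known_hosts. The function names, `host.example` and the key blobs are constructed for illustration; the sketch assumes unhashed known_hosts-style lines.

```shell
#!/bin/sh
# Added example. Key blobs are constructed placeholders, not real host keys;
# host.example is a hypothetical host.

# check_scanned_keys PINNED SCANNED
# Both files hold known_hosts-style lines: "host keytype base64-blob".
# Succeeds only if SCANNED contains at least one key and every key in it
# also appears in PINNED, which was obtained over a trusted channel.
check_scanned_keys() {
    awk '
        /^[ \t]*(#|$)/      { next }                  # comments, blank lines
        FILENAME == ARGV[1] { pin[$1 " " $2 " " $3] = 1; next }
        { seen++; if (!(($1 " " $2 " " $3) in pin)) bad++ }
        END { exit !(seen > 0 && bad == 0) }
    ' "$1" "$2"
}

# trust_host PINNED SCANNED KNOWN_HOSTS
# Appends the scanned keys to KNOWN_HOSTS only after they matched the pin.
trust_host() {
    if check_scanned_keys "$1" "$2"; then
        grep -Ev '^[[:space:]]*(#|$)' "$2" >> "$3"
    else
        echo "scanned host key does not match the pinned key; not trusting it" >&2
        return 1
    fi
}

# Demo on constructed data. In a CI job the scanned file would come from
#   ssh-keyscan -t ed25519 host.example > scanned
# and the pinned file from the repository or a CI secret.
demo() {
    tmp=$(mktemp -d) || return 1
    echo 'host.example ssh-ed25519 AAAAConstructedPinnedKey0000' > "$tmp/pinned"
    cp "$tmp/pinned" "$tmp/scan_ok"      # server presents the pinned key
    # A different key for the same host, as an interposed server would present.
    echo 'host.example ssh-ed25519 AAAAConstructedOtherKey00000' > "$tmp/scan_bad"
    trust_host "$tmp/pinned" "$tmp/scan_ok" "$tmp/kh" && ok=0 || ok=$?
    trust_host "$tmp/pinned" "$tmp/scan_bad" "$tmp/kh" 2>/dev/null && bad=0 || bad=$?
    lines=$(wc -l < "$tmp/kh")
    rm -rf "$tmp"
    echo "match=$ok mismatch=$bad known_hosts_lines=$((lines))"
}
demo
```

Without the comparison step, the second scan result would have been appended to known_hosts just like the first, which is the situation the report likens to `StrictHostKeyChecking=no`.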