Displaying 1 result from an estimated 1 matches for "miknet".
2015 May 18
32
[Bug 2400] New: StrictHostKeyChecking=no behaviour on HOST_CHANGED is excessively insecure
...nsecure
Product: Portable OpenSSH
Version: 6.8p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: mik at miknet.net
The legacy behaviour of StrictHostKeyChecking=no involves allowing
connections even if the host key has changed. What most deployments
want when they set this is just TOFU.
It is common for batch processing and cluster systems to deploy with
this option permanently set, completely underminin...