search for: reject_unknown_hosts

...indrot.org Reporter: db+mindrot at d1b.org Set UpdateHostKeys for interactive invocations of ssh client to 'ask' by default. ( Related this request, I notice that Fabric, http://docs.fabfile.org/en/1.14/usage/ssh.html, defaults to loading and using the known_hosts file **but** reject_unknown_hosts defaults to false (so hosts that have never "been seen" are allowed) this combined with Fabric seemingly preferring an rsa host key while I had an ecdsa host key for $host would have allowed MITM attacks. ) -- You are receiving this mail because: You are watching the assignee of the bu...