Hi, [for the archives]
Tyler J. Wagner wrote on 2012-12-11 11:08:17 +0000 [Re: [BackupPC-users] Thank you BackupPC!!!]: > [...] > Consider: > > root@venkman:~# cat /var/lib/backuppc/.ssh/config > Protocol 2 > HashKnownHosts no > StrictHostKeyChecking no actually, don't. StrictHostKeyChecking is on by default for a good reason. Without it, you're vulnerable to MITM attacks, like the message says, or in the case of BackupPC even to substitution of your backup target. You think it's ssh, but it isn't, unless you are certain that you are connecting to the correct target. I've used 'StrictHostKeyChecking no' myself, but only ever for a specific host (or config file entry) when I know *in advance* that the key will be changing legitimately. The message and the fact that ssh won't connect are a nuisance, and that's not because the authors of the software like annoying people, it's because it's crucial. The message doesn't mean "hey, you should remember to update your settings", it means "this connection is insecure (or at least can be)". Once you get into the habit of taking security lightly, you won't treat it seriously when you need to. As for HashKnownHosts, what is the point of switching it off? Try 'ssh-keygen -R host' and 'ssh-keygen -R ip'. Then again, for the backuppc user it's probably evident anyway to which hosts connections are established, so there may not be much point in hashing known_hosts. Regards, Holger ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar _______________________________________________ BackupPC-users mailing list BackupPC-users@lists.sourceforge.net List: https://lists.sourceforge.net/lists/listinfo/backuppc-users Wiki: http://backuppc.wiki.sourceforge.net Project: http://backuppc.sourceforge.net/