GUACAMOLE-527: Remove important tags.
Project: http://git-wip-us.apache.org/repos/asf/guacamole-manual/repo Commit: http://git-wip-us.apache.org/repos/asf/guacamole-manual/commit/d0ffb21d Tree: http://git-wip-us.apache.org/repos/asf/guacamole-manual/tree/d0ffb21d Diff: http://git-wip-us.apache.org/repos/asf/guacamole-manual/diff/d0ffb21d Branch: refs/heads/master Commit: d0ffb21da04d922bf58cb549d4fc4f9e6518119a Parents: 30e9853 Author: Nick Couchman <[email protected]> Authored: Tue Jun 26 16:53:44 2018 -0400 Committer: Nick Couchman <[email protected]> Committed: Tue Jun 26 16:53:44 2018 -0400 ---------------------------------------------------------------------- src/chapters/configuring.xml | 50 +++++++++++++++++++-------------------- 1 file changed, 24 insertions(+), 26 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/guacamole-manual/blob/d0ffb21d/src/chapters/configuring.xml ---------------------------------------------------------------------- diff --git a/src/chapters/configuring.xml b/src/chapters/configuring.xml index 827a20c..fe61cdd 100644 --- a/src/chapters/configuring.xml +++ b/src/chapters/configuring.xml @@ -2726,32 +2726,30 @@ ed272546-87bd-4db9-acba-e36e1a9ca20a <para>SSH support for Guacamole is provided by the <package>libguac-client-ssh</package> library, which will be installed as part of guacamole-server if the required dependencies are present during the build.</para> - <important> - <section xml:id="ssh-host-verification"> - <title>SSH Host Verification</title> - <para>By default, Guacamole does not do any verification of host identity before - establishing SSH connections. While this may be safe for private and trusted - networks it is not ideal for large networks with unknown/untrusted systems, - or for SSH connections that traverse the Internet. The potential exists for - Man-in-the-Middle (MitM) attacks on these types of networks.</para> - <para>Guacamole includes two methods for verifying SSH (and SFTP) server identity - for connections that can be used to make sure that the host you are - connecting to is a host that you know and trust. The first method is by - reading a file in GUACAMOLE_HOME call ssh_known_hosts. This file should be - in the format of a standard OpenSSH known_hosts file. If the file is not - present, no verification is done. If the file is present, it is read in - at connection time and remote host identities are verified against the - keys present in the file.</para> - <para>The second method for verifying host identity is by passing a connection - parameter that contains an OpenSSH known hosts entry for that specific host. - The host-key parameter is used for SSH connections, and for SFTP connections - for other protocols the sftp-host-key parameter is used. If these parameters - are not present on their respective connections no host identity verification - is performed. If the parameter is present then the identity of the remote - host is verified against the identity provided in the parameter before a - connection is established.</para> - </section> - </important> + <section xml:id="ssh-host-verification"> + <title>SSH Host Verification</title> + <para>By default, Guacamole does not do any verification of host identity before + establishing SSH connections. While this may be safe for private and trusted + networks it is not ideal for large networks with unknown/untrusted systems, + or for SSH connections that traverse the Internet. The potential exists for + Man-in-the-Middle (MitM) attacks on these types of networks.</para> + <para>Guacamole includes two methods for verifying SSH (and SFTP) server identity + for connections that can be used to make sure that the host you are + connecting to is a host that you know and trust. The first method is by + reading a file in GUACAMOLE_HOME call ssh_known_hosts. This file should be + in the format of a standard OpenSSH known_hosts file. If the file is not + present, no verification is done. If the file is present, it is read in + at connection time and remote host identities are verified against the + keys present in the file.</para> + <para>The second method for verifying host identity is by passing a connection + parameter that contains an OpenSSH known hosts entry for that specific host. + The host-key parameter is used for SSH connections, and for SFTP connections + for other protocols the sftp-host-key parameter is used. If these parameters + are not present on their respective connections no host identity verification + is performed. If the parameter is present then the identity of the remote + host is verified against the identity provided in the parameter before a + connection is established.</para> + </section> <section xml:id="ssh-network-parameters"> <title>Network parameters</title> <para>SSH connections require a hostname or IP address defining the destination
