Github user necouchman commented on a diff in the pull request:

    https://github.com/apache/guacamole-manual/pull/89#discussion_r202974304
  
    --- Diff: src/chapters/configuring.xml ---
    @@ -2704,6 +2726,31 @@ ed272546-87bd-4db9-acba-e36e1a9ca20a
                 <para>SSH support for Guacamole is provided by the 
<package>libguac-client-ssh</package>
                     library, which will be installed as part of 
guacamole-server if the required
                     dependencies are present during the build.</para>
    +            <section xml:id="ssh-host-verification">
    +                <title>SSH Host Verification</title>
    +                <para>By default, Guacamole does not do any verification 
of host identity before
    +                    establishing SSH connections.  While this may be safe 
for private and trusted
    +                    networks, it is not ideal for large networks with 
unknown/untrusted systems,
    +                    or for SSH connections that traverse the Internet.  
The potential exists for
    +                    Man-in-the-Middle (MitM) attacks when connecting to 
these hosts.</para>
    +                <para>Guacamole includes two methods for verifying SSH 
(and SFTP) server identity
    +                    that can be used to make sure that the host you are 
connecting to is a host
    +                    that you know and trust.  The first method is by 
reading a file in
    +                    GUACAMOLE_HOME call ssh_known_hosts.  This file should 
be in the format of
    +                    a standard OpenSSH known_hosts file.  If the file is 
not present, no
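
Review bot: In the second paragraph of the new ssh-host-verification section, "reading a file in GUACAMOLE_HOME call ssh_known_hosts" has a typo and should read "called ssh_known_hosts". In the same paragraph GUACAMOLE_HOME, ssh_known_hosts and known_hosts are left as bare text, while the context line above the hunk marks up libguac-client-ssh with the package element; wrapping the file names in DocBook's filename element and the variable in envar would keep the chapter consistent and make the names easier to spot. In the first paragraph, "does not do any verification of host identity" is the security-relevant default, so it is worth saying directly that the server's host key goes unchecked until one of the two methods described next is configured, rather than leaving that to be inferred from the MitM sentence.
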
    --- End diff --
    
    Fixed.

