[
https://issues.apache.org/jira/browse/KARAF-1506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13403915#comment-13403915
]
Guillaume Nodet commented on KARAF-1506:
----------------------------------------
I think it would be better to ask the user for confirmation; otherwise it's
still a security leak.
So when we hit an unknown key, we should print the key and ask the user to
confirm it before storing it.
Also, error messages may be better printed to System.err in red (using Jansi).
Last, I think the ssh stuff is mostly used to communicate between Karaf
instances, so I wonder if the known hosts file storage would be better placed
inside the etc/ folder, because if you remove your Karaf installation, the key
will have changed and you'll have to delete your known host keys very often at
dev time.
> Check host keys when connecting to an ssh server using bin/client and ssh:ssh
> -----------------------------------------------------------------------------
>
> Key: KARAF-1506
> URL: https://issues.apache.org/jira/browse/KARAF-1506
> Project: Karaf
> Issue Type: Improvement
> Reporter: Guillaume Nodet
> Assignee: Christian Schneider
> Fix For: 3.0.0
>
>
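
The check proposed in the comment above (print an unknown key, ask for confirmation, store it only on approval, refuse a changed key), as an added example that is not Karaf's code and not part of the original message. The class name, the one-line-per-host file format and the sample host, port and keys are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.security.MessageDigest;
import java.util.*;
import java.util.function.Predicate;

// Added illustration; hypothetical names, not the Karaf implementation.
public class KnownHostsCheck {
    enum Result { MATCH, ACCEPTED_NEW, REJECTED_NEW, MISMATCH }

    // Short, comparable form of the key that is shown to the user.
    static String fingerprint(byte[] key) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(key);
        return "SHA256:" + Base64.getEncoder().withoutPadding().encodeToString(d);
    }

    // Assumed store format: "<host>:<port> <base64 key>", one entry per line.
    static Result verify(Path store, String host, int port, byte[] key,
                         Predicate<String> confirm) throws Exception {
        String id = host + ":" + port;
        String encoded = Base64.getEncoder().encodeToString(key);
        List<String> lines = Files.exists(store)
                ? Files.readAllLines(store, StandardCharsets.UTF_8) : List.of();
        for (String line : lines) {
            String[] f = line.trim().split("\\s+");
            if (f.length == 2 && f[0].equals(id)) {
                // Known host: a different key is never stored or re-prompted.
                return f[1].equals(encoded) ? Result.MATCH : Result.MISMATCH;
            }
        }
        // Unknown host: show the key and store it only after confirmation.
        String prompt = "Unknown host key for " + id + ": " + fingerprint(key)
                + " - trust it? (yes/no) ";
        if (!confirm.test(prompt)) return Result.REJECTED_NEW;
        Files.write(store, List.of(id + " " + encoded), StandardCharsets.UTF_8,
                StandardOpenOption.CREATE, StandardOpenOption.APPEND);
        return Result.ACCEPTED_NEW;
    }

    public static void main(String[] args) throws Exception {
        Path store = Files.createTempFile("known_hosts", ".txt"); // constructed store
        byte[] keyA = "constructed-key-A".getBytes(StandardCharsets.UTF_8);
        byte[] keyB = "constructed-key-B".getBytes(StandardCharsets.UTF_8);
        Predicate<String> no = p -> { System.out.println(p + "no"); return false; };
        Predicate<String> yes = p -> { System.out.println(p + "yes"); return true; };
        System.out.println(verify(store, "localhost", 8101, keyA, no));
        System.out.println(verify(store, "localhost", 8101, keyA, yes));
        System.out.println(verify(store, "localhost", 8101, keyA, no));
        System.err.println(verify(store, "localhost", 8101, keyB, yes));
    }
}
```

The store path is a parameter, so the file can live under etc/ of an installation as the comment suggests.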