[
https://issues.apache.org/jira/browse/ACCUMULO-3719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14487675#comment-14487675
]
Christopher Tubbs commented on ACCUMULO-3719:
---------------------------------------------
Are we absolutely sure it is a good idea to make this the default? host key
checks are the only mechanism ssh has to protect against man-in-the-middle
attacks, and a user doing testing could be just as vulnerable to attacks as any
other ssh situation, I would imagine.
Because the default setting is "ask", which can create problems in this
situation, perhaps a better default would be to secure it with setting it to
"yes" instead. At least, then, a user gets a clear error message, and the
mitigation is simple enough: preload the known_hosts before running the cluster
tests.
Perhaps setting this to "no" is fine... I just want to double-check and make
absolutely sure we're confident this is an okay thing to do in this situation.
> Disable strict host key checking for standalone SSH'ing.
> --------------------------------------------------------
>
> Key: ACCUMULO-3719
> URL: https://issues.apache.org/jira/browse/ACCUMULO-3719
> Project: Accumulo
> Issue Type: Bug
> Components: test
> Reporter: Josh Elser
> Assignee: Josh Elser
> Fix For: 1.7.0, 1.6.3
>
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Leaving strict host key checking enabled is likely to cause more problems
> than it's worth, mostly due to the default required prompt.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
