https://bugzilla.mindrot.org/show_bug.cgi?id=2894
Bug ID: 2894
Summary: Set UpdateHostKeys for interactive sessions to 'ask'
(or consider defaulting to 'yes')
Product: Portable OpenSSH
Version: 7.7p1
Hardware: Other
OS: Other
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-b...@mindrot.org
Reporter: db+mind...@d1b.org
Set UpdateHostKeys for interactive invocations of ssh client to 'ask'
by default.
( Related this request, I notice that Fabric,
http://docs.fabfile.org/en/1.14/usage/ssh.html, defaults to loading and
using the known_hosts file **but** reject_unknown_hosts defaults to
false (so hosts that have never "been seen" are allowed) this combined
with Fabric seemingly preferring an rsa host key while I had an ecdsa
host key for $host would have allowed MITM attacks. )
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
