SSH host key check #609
Open
SSH host key check #609
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Strictly speaking, implementing TOFU would be the better fix and more in line with user expectations around SSH, but given that it would be more complex and user would have to touch their config anyway (to add persistent storage for the known hosts db) it didn't seem worth it to me. Let me know if you prefer that route. |
tribut
force-pushed
the
ssh-check-host-key
branch
from
d0f6e7e to
ff2b617
Compare
|
For reference, there is a similar fix in this commit, which is not on the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Allows specifying the SSH host key as follows:
(key can be found in
/etc/ssh/ssh_host_*.pubon the server)The change is backwards-compatible and fixes #602 (GHSA-qpgw-j75c-j585).
If there is interest in this patch, I can update the documentation accordingly.