[talk] ssh host keys

Eitan Adler lists at eitanadler.com
Thu Mar 21 21:13:30 EDT 2019


On Thu, 21 Mar 2019 at 15:31, Jesse Callaway <bonsaime at gmail.com> wrote:
>
>
>
> On Thu, Mar 21, 2019 at 2:50 PM Jesse Callaway <bonsaime at gmail.com> wrote:
>>
>> On my Mac running OpenSSH_7.8p1, LibreSSL 2.6.2 connecting outbound, when the host key is found to mismatch a recorded entry in known_hosts it allows me to connect, however disables some features, notably port forwarding and agent forwarding.
>>
>> Removing the clashing line in ~/.ssh/known_hosts fixed this so that when I connect it allows the features.
>>
>> Does anyone have experience with this? Related: StrictHostKeyChecking no is set. I would expect the behavior to be binary, either I can connect or not if it *suspects* MITM.
>>
>> --
>> -jesse
>
>
> I'll just self-reply here. This is a bug. I could care less if it's always been like this. Does anyone have any suggestions on how to file the bug report?

This is not exactly a bug. If you want to always fail, set
StrictHostKeyChecking yes as a config value. There is no way I know
of to always ignore (and allow e.g., port forwarding).


-- 
Eitan Adler
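
An added example, not part of the original thread or of OpenSSH: a small Python lookup for the "clashing line" discussed above, i.e. the known_hosts entry recorded for a host with the same key type but a different key, including entries whose host name is hashed (`|1|salt|hash`, HMAC-SHA1 keyed with the salt). The host names, salt and key strings are constructed placeholders, and wildcard patterns and `@` marker lines are not handled.

```python
import base64
import hashlib
import hmac


def hash_host(host, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())


def host_matches(field, host):
    """True if a known_hosts host field names `host` (exact names only, no wildcards)."""
    if field.startswith("|1|"):
        _, _, salt_b64, _ = field.split("|")
        return hmac.compare_digest(field, hash_host(host, base64.b64decode(salt_b64)))
    return host in field.split(",")


def find_clashes(known_hosts_text, host, key_type, key_b64):
    """Return [(line_no, line)] recorded for `host` with the same key type but a
    different key; empty if any recorded key of that type matches the offered one."""
    clashes = []
    for no, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue  # skip blanks, comments and @cert-authority/@revoked markers
        if not host_matches(fields[0], host) or fields[1] != key_type:
            continue
        if fields[2] == key_b64:
            return []  # the offered key is already recorded: no mismatch
        clashes.append((no, line))
    return clashes


# Constructed sample: placeholder strings stand in for real base64 key blobs.
OLD_KEY, NEW_KEY = "Q09OU1RSVUNURUQtT0xE", "Q09OU1RSVUNURUQtTkVX"
SAMPLE = "\n".join([
    "# constructed known_hosts",
    "build.example.org,192.0.2.10 ssh-ed25519 " + OLD_KEY,
    hash_host("db.example.org", b"constructed-salt-20b") + " ssh-ed25519 " + OLD_KEY,
    "build.example.org ssh-rsa " + OLD_KEY,
])

if __name__ == "__main__":
    for no, line in find_clashes(SAMPLE, "db.example.org", "ssh-ed25519", NEW_KEY):
        print("known_hosts line %d clashes: %s" % (no, line))
```

OpenSSH's own `ssh-keygen -F host` performs this lookup against the real file, and `ssh-keygen -R host` removes the entries for that host; a changed key should be verified out of band before the old entry is dropped.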