[talk] ssh host keys

Eitan Adler lists at eitanadler.com
Thu Mar 21 21:16:20 EDT 2019


On Thu, 21 Mar 2019 at 18:13, Eitan Adler <lists at eitanadler.com> wrote:
>
> On Thu, 21 Mar 2019 at 15:31, Jesse Callaway <bonsaime at gmail.com> wrote:
> >
> >
> >
> > On Thu, Mar 21, 2019 at 2:50 PM Jesse Callaway <bonsaime at gmail.com> wrote:
> >>
> >> On my Mac running OpenSSH_7.8p1, LibreSSL 2.6.2, connecting outbound, when the host key is found to mismatch a recorded entry in known_hosts it allows me to connect; however, it disables some features, notably port forwarding and agent forwarding.
> >>
> >> Removing the clashing line in ~/.ssh/known_hosts fixed this so that when I connect it allows the features.
> >>
> >> Does anyone have experience with this? Related: StrictHostKeyChecking no is set. I would expect the behavior to be binary: either I can connect or not if it *suspects* MITM.
> >>
> >> --
> >> -jesse
> >
> >
> > I'll just self-reply here. This is a bug. I could care less if it's always been like this. Does anyone have any suggestions on how to file the bug report?
>
> This is not exactly a bug. If you want to always fail, set
> StrictHostKeyChecking yes as a config value. There is no way I know
> of to always ignore (and allow e.g., port forwarding).

To answer your question directly: "openssh-unix-dev at mindrot.org"
<openssh-unix-dev at mindrot.org> or https://bugzilla.mindrot.org/


-- 
Eitan Adler
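
An added example, not part of the thread or of OpenSSH: a small auditor that resolves the options applying to a host in an ssh_config and lists the forwarding settings that would be silently dropped if that host's key changed while StrictHostKeyChecking is no. The host names, sample config and function names are constructed for illustration, and the parser is simplified (Match and Include are not evaluated).

```python
import fnmatch
import re
# Constructed sample ssh_config (hypothetical hosts, not from the thread).
SAMPLE_CONFIG = """\
Host bastion.example.org
    StrictHostKeyChecking no
    ForwardAgent yes
    LocalForward 8080 127.0.0.1:80
Host db.example.org
    StrictHostKeyChecking yes
    LocalForward 5432 127.0.0.1:5432
Host *
    StrictHostKeyChecking no
"""
# Forwarding options the thread reports as disabled after a key mismatch.
FORWARD_OPTS = {"forwardagent", "localforward", "remoteforward", "dynamicforward"}

def host_matches(patterns, host):
    """Host line semantics: a negated match vetoes, otherwise any match wins."""
    neg = [p[1:] for p in patterns if p.startswith("!")]
    pos = [p for p in patterns if not p.startswith("!")]
    if any(fnmatch.fnmatchcase(host, p) for p in neg):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in pos)

def effective_options(config_text, host):
    """Collect option values that apply to host, in file order."""
    opts, active = {}, True  # lines before the first Host apply to every host
    for raw in config_text.splitlines():
        m = re.match(r"(\w+)(?:\s*=\s*|\s+)(.*)", raw.strip())
        if not m:
            continue  # blank line, comment, or bare keyword
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            active = host_matches(value.split(), host)
        elif key == "match":
            active = False  # Match blocks are skipped in this simplified parser
        elif active:
            opts.setdefault(key, []).append(value)
    return opts

def forwards_lost_on_mismatch(config_text, host):
    """Forwarding options that would be silently dropped if host's key changed."""
    opts = effective_options(config_text, host)
    strict = opts.get("stricthostkeychecking", ["ask"])[0].lower()  # first value wins
    if strict not in ("no", "off"):
        return []  # yes, ask and accept-new refuse the connection instead
    return sorted(k for k in FORWARD_OPTS & opts.keys()
                  if not (k == "forwardagent" and opts[k][0].lower() == "no"))
```

A non-empty result marks a host where a changed key leads to the degraded session described in the thread rather than a refused connection.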


