Re: Putty: StrictHostKeyChecking
- From: per@xxxxxxxxxxxx (Per Hedeland)
- Date: Thu, 28 May 2009 22:25:29 +0000 (UTC)
In article <lek*NBVHs@xxxxxxxxxxxxxxxxxxxxxxxxxxx> Jacob Nevins
How do I set StrictHostKeyChecking=no when I use Putty? Do I have to
load Cygwin and run SSH to do this?
StrictHostKeyChecking is an OpenSSH-specific configuration option. I'm
assuming that the aspect of its behaviour that you're after in PuTTY
is the automatic acceptance of unknown host keys.
This isn't possible in PuTTY. This entry in the PuTTY FAQ is relevant:
Well, the FAQ entry seems to be talking about turning off host key
checking completely, which is *never* an aspect of the behaviour of
StrictHostKeyChecking - a key mismatch will always unconditionally abort
the connection, you don't even get a chance to say "yes".
I.e. even if you have StrictHostKeyChecking=no, the potential attacker
must not "just" subvert a router, he must already have it subverted
*and* target your very first connection to a previously unknown host.
I fully understand how accepting unknown keys at all is a problem, but I
suspect that if the original ssh implementation had required
pre-configured keys, ssh would have remained an exotic technology of
mainly academic interest, instead of becoming the ubiquitous standard
that it is today. Making the equivalent of StrictHostKeyChecking=ask the
default was exactly the right tradeoff decision IMHO.
- Prev by Date: Re: sftp Authentication Issue (Unix to Windows)
- Next by Date: Re: sftp Authentication Issue (Unix to Windows)
- Previous by thread: Re: Putty: StrictHostKeyChecking
- Next by thread: libssh2 - Shell command not being acted upon