Enable StrictHostKeyChecking for SSH connection to nodes #29
Comments
abbashus
added a commit
to abbashus/project-website-search
that referenced
this issue
Nov 8, 2021
Signed-off-by: Abbas Hussain <abbas_10690@yahoo.com>
abbashus
added a commit
that referenced
this issue
Nov 10, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
On connecting to an address for which an SSH client has no known host key, it will prompt the user whether it wants to allow-list that key; subsequent connections to that address will fail if the server fails to present the same identity.
By setting
StrictHostKeyCheckingtono, the target code disables host key checking in the client. As a result, it will never check the identity of the server either on its first or subsequent connections. An attacker on the network will therefore be able to spoof a bastion or remote host (depending on network position) at any time (as opposed to just during the first connection) and a victim will have no way to detect this attack.The text was updated successfully, but these errors were encountered: