You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On connecting to an address for which an SSH client has no known host key, it will prompt the user whether it wants to allow-list that key; subsequent connections to that address will fail if the server fails to present the same identity.
By setting StrictHostKeyChecking to no, the target code disables host key checking in the client. As a result, it will never check the identity of the server either on its first or subsequent connections. An attacker on the network will therefore be able to spoof a bastion or remote host (depending on network position) at any time (as opposed to just during the first connection) and a victim will have no way to detect this attack.
The text was updated successfully, but these errors were encountered:
abbashus
added a commit
to abbashus/project-website-search
that referenced
this issue
Nov 8, 2021
On connecting to an address for which an SSH client has no known host key, it will prompt the user whether it wants to allow-list that key; subsequent connections to that address will fail if the server fails to present the same identity.
By setting
StrictHostKeyChecking
tono
, the target code disables host key checking in the client. As a result, it will never check the identity of the server either on its first or subsequent connections. An attacker on the network will therefore be able to spoof a bastion or remote host (depending on network position) at any time (as opposed to just during the first connection) and a victim will have no way to detect this attack.The text was updated successfully, but these errors were encountered: