diff options
author | djm@openbsd.org <djm@openbsd.org> | 2017-09-03 23:33:13 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2017-09-04 09:38:57 +1000 |
commit | 22376d27a349f62c502fec3396dfe0fdcb2a40b7 (patch) | |
tree | 8368234874273df676d62ffab3bfc184ef58405f /ssh_config.5 | |
parent | ff3c42384033514e248ba5d7376aa033f4a2b99a (diff) |
upstream commit
Expand ssh_config's StrictModes option with two new
settings:
StrictModes=accept-new will automatically accept hitherto-unseen keys
but will refuse connections for changed or invalid hostkeys.
StrictModes=off is the same as StrictModes=no
Motivation:
StrictModes=no combines two behaviours for host key processing:
automatically learning new hostkeys and continuing to connect to hosts
with invalid/changed hostkeys. The latter behaviour is quite dangerous
since it removes most of the protections the SSH protocol is supposed to
provide.
Quite a few users want to automatically learn hostkeys however, so
this makes that feature available with less danger.
At some point in the future, StrictModes=no will change to be a synonym
for accept-new, with its current behaviour remaining available via
StrictModes=off.
bz#2400, suggested by Michael Samuel; ok markus
Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64
Diffstat (limited to 'ssh_config.5')
-rw-r--r-- | ssh_config.5 | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 15ca0b4f9..3823da6f3 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: ssh_config.5,v 1.253 2017/07/23 23:37:02 djm Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.254 2017/09/03 23:33:13 djm Exp $ |
37 | .Dd $Mdocdate: July 23 2017 $ | 37 | .Dd $Mdocdate: September 3 2017 $ |
38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -1459,9 +1459,17 @@ frequently made. | |||
1459 | This option forces the user to manually | 1459 | This option forces the user to manually |
1460 | add all new hosts. | 1460 | add all new hosts. |
1461 | If this flag is set to | 1461 | If this flag is set to |
1462 | .Cm no , | 1462 | .Dq accept-new |
1463 | ssh will automatically add new host keys to the | 1463 | then ssh will automatically add new new host keys to the user |
1464 | user known hosts files. | 1464 | known hosts files, but will not permit connections to hosts with |
1465 | changed host keys. | ||
1466 | If this flag is set to | ||
1467 | .Dq no | ||
1468 | or | ||
1469 | .Dq off , | ||
1470 | ssh will automatically add new host keys to the user known hosts files, | ||
1471 | and allow connections to hosts with changed hostkeys to proceed subject | ||
1472 | to some restrictions. | ||
1465 | If this flag is set to | 1473 | If this flag is set to |
1466 | .Cm ask | 1474 | .Cm ask |
1467 | (the default), | 1475 | (the default), |