diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2017-09-03 23:33:13 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2017-09-04 09:38:57 +1000 |
| commit | 22376d27a349f62c502fec3396dfe0fdcb2a40b7 (patch) | |
| tree | 8368234874273df676d62ffab3bfc184ef58405f /ssh_config.5 | |
| parent | ff3c42384033514e248ba5d7376aa033f4a2b99a (diff) | |
upstream commit
Expand ssh_config's StrictModes option with two new
settings:
StrictModes=accept-new will automatically accept hitherto-unseen keys
but will refuse connections for changed or invalid hostkeys.
StrictModes=off is the same as StrictModes=no
Motivation:
StrictModes=no combines two behaviours for host key processing:
automatically learning new hostkeys and continuing to connect to hosts
with invalid/changed hostkeys. The latter behaviour is quite dangerous
since it removes most of the protections the SSH protocol is supposed to
provide.
Quite a few users want to automatically learn hostkeys however, so
this makes that feature available with less danger.
At some point in the future, StrictModes=no will change to be a synonym
for accept-new, with its current behaviour remaining available via
StrictModes=off.
bz#2400, suggested by Michael Samuel; ok markus
Upstream-ID: 0f55502bf75fc93a74fb9853264a8276b9680b64
Diffstat (limited to 'ssh_config.5')
| -rw-r--r-- | ssh_config.5 | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/ssh_config.5 b/ssh_config.5 index 15ca0b4f9..3823da6f3 100644 --- a/ssh_config.5 +++ b/ssh_config.5 | |||
| @@ -33,8 +33,8 @@ | |||
| 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
| 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 35 | .\" | 35 | .\" |
| 36 | .\" $OpenBSD: ssh_config.5,v 1.253 2017/07/23 23:37:02 djm Exp $ | 36 | .\" $OpenBSD: ssh_config.5,v 1.254 2017/09/03 23:33:13 djm Exp $ |
| 37 | .Dd $Mdocdate: July 23 2017 $ | 37 | .Dd $Mdocdate: September 3 2017 $ |
| 38 | .Dt SSH_CONFIG 5 | 38 | .Dt SSH_CONFIG 5 |
| 39 | .Os | 39 | .Os |
| 40 | .Sh NAME | 40 | .Sh NAME |
| @@ -1459,9 +1459,17 @@ frequently made. | |||
| 1459 | This option forces the user to manually | 1459 | This option forces the user to manually |
| 1460 | add all new hosts. | 1460 | add all new hosts. |
| 1461 | If this flag is set to | 1461 | If this flag is set to |
| 1462 | .Cm no , | 1462 | .Dq accept-new |
| 1463 | ssh will automatically add new host keys to the | 1463 | then ssh will automatically add new new host keys to the user |
| 1464 | user known hosts files. | 1464 | known hosts files, but will not permit connections to hosts with |
| 1465 | changed host keys. | ||
| 1466 | If this flag is set to | ||
| 1467 | .Dq no | ||
| 1468 | or | ||
| 1469 | .Dq off , | ||
| 1470 | ssh will automatically add new host keys to the user known hosts files, | ||
| 1471 | and allow connections to hosts with changed hostkeys to proceed subject | ||
| 1472 | to some restrictions. | ||
| 1465 | If this flag is set to | 1473 | If this flag is set to |
| 1466 | .Cm ask | 1474 | .Cm ask |
| 1467 | (the default), | 1475 | (the default), |