Ticket #41 (closed defect: fixed)
conf_fetch uses StrictHostKeyChecking=no with scp
| Reported by: | blee | Owned by: | confman-developers@… |
|---|---|---|---|
| Priority: | major | Milestone: | confman-2.0 |
| Component: | confsync | Version: | 1.9.0b |
| Keywords: | Cc: |
Description
conf_fetch currently disables strict host key checking when using scp. This raises some security concerns.
Change History
comment:2 Changed 3 years ago by ccowart
- Status changed from new to closed
- Resolution set to fixed
(In [385])
- Disabling StrictHostKeyChecking?=no by default.
- Providing CONF_FETCH_SSH_FLAGS knob for arbitrary configuration of the ssh client.
- Renaming CONF_SSH_KEY to CONF_FETCH_SSH_KEY to more closely follow conventions.
- Related man page corrections.
Fixes #41
Note: See
TracTickets for help on using
tickets.
Agreed this should be off by default. Should definitely support
a generic SSH_ARGS style knob though. I'm gonna dig in on it
and see what I can do.