Re: [Duplicity-talk] Why -oUserKnownHostsFile=/dev/null
From: Kenneth Loafman
Subject: Re: [Duplicity-talk] Why -oUserKnownHostsFile=/dev/null
Date: Thu, 23 Aug 2007 19:25:08 -0500
User-agent: Thunderbird 1.5.0.12 (X11/20070604)

Peter Schuller wrote:
>> Very simply, simplicity. SSH can generate 2-3 different paths to script
>> depending on what is in the known_hosts file, and automatic responses to
>> those may in themselves be a security issue, so which way to go? I took
>> the easy route and got it working.
>>
>> Remember the goal, non-attended backup. I don't want to be up at 2am
>> when the backup starts.
>
> How about an --ssh-strict-checking switch which turns this on again, as well
> as defaulting to it on when running with --no-encryption?
>
> I can buy the convenience default as long as the backups are encrypted,
> because MITM attacks will not mean information disclosure. But without
> encryption it really feels overly risky.
>
> (If you agree I'll come up with a patch.)

I think the solution would be to go back to secure as default, then
error out if SSH known-hosts interaction causes any kind of issue. I
don't see any problem with that, other than the fact that it may error
out when unattended.

That way users can issue the two ssh options via --ssh-options. No new
options need to be added and users have a full set of capabilities.

Opinions?

...Ken
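
Added example, not part of the original message and not duplicity code: a pre-flight check that a wrapper around an unattended backup job could run, so the job errors out when the backup host has no entry in known_hosts instead of stopping at an SSH prompt. The function names and the sample data are hypothetical; plain and hashed host fields are handled, wildcard patterns are not.

```python
import base64
import hashlib
import hmac

def host_matches(field: str, host: str) -> bool:
    """True if one known_hosts host field (plain list or hashed) names host."""
    if field.startswith("|1|"):
        # Hashed entry: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=host))
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt = base64.b64decode(salt_b64)
            want = base64.b64decode(mac_b64)
        except ValueError:
            return False  # malformed hashed field
        got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, want)
    return host in field.split(",")

def known_key_types(known_hosts_text: str, host: str) -> list:
    """Key types recorded for host; an empty list means ssh would have to ask."""
    types = []
    for line in known_hosts_text.splitlines():
        parts = line.split()
        # Skip blank, comment and malformed lines; @revoked / @cert-authority
        # marker lines are not counted as a pinned host key here.
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue
        if host_matches(parts[0], host):
            types.append(parts[1])
    return types

def preflight(known_hosts_text: str, host: str) -> None:
    """Fail closed before an unattended run rather than waiting on a prompt."""
    if not known_key_types(known_hosts_text, host):
        raise SystemExit(f"{host}: no host key in known_hosts, refusing to run")

# Constructed sample: hostnames, salt and key blobs are placeholders, not real keys.
_SALT = b"constructed-salt-000"
_SALT_B64 = base64.b64encode(_SALT).decode()
_MAC_B64 = base64.b64encode(
    hmac.new(_SALT, b"backup.example.org", hashlib.sha1).digest()).decode()
SAMPLE = f"""# constructed known_hosts
|1|{_SALT_B64}|{_MAC_B64} ssh-ed25519 AAAA_CONSTRUCTED_PLACEHOLDER
files.example.org,192.0.2.10 ssh-rsa AAAA_CONSTRUCTED_PLACEHOLDER
@revoked old.example.org ssh-rsa AAAA_CONSTRUCTED_PLACEHOLDER
"""

if __name__ == "__main__":
    for h in ("backup.example.org", "files.example.org", "new.example.org"):
        print(h, known_key_types(SAMPLE, h) or "UNKNOWN")
```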