Bug#804818: Improved interplay between StrictHostKeyChecking and VerifyHostKeyDNS

2015-11-12 Thread Christoph Anton Mitterer
On Thu, 2015-11-12 at 19:21 +1300, martin f krafft wrote:
> also sprach Christoph Anton Mitterer [2015-11-12 17:41 +1300]:
> > > Hopeful, I was looking at VerifyHostKeyDNS for relief
> > The default StrictHostKeyChecking isn't secure enough for you, but
> > you'd trust DNSSEC here? ;-P
> Why sh

Bug#804818: Improved interplay between StrictHostKeyChecking and VerifyHostKeyDNS

2015-11-11 Thread martin f krafft
also sprach Christoph Anton Mitterer [2015-11-12 17:41 +1300]:
> > Hopeful, I was looking at VerifyHostKeyDNS for relief
> The default StrictHostKeyChecking isn't secure enough for you, but
> you'd trust DNSSEC here? ;-P
Why should I not trust DNSSEC for hosts where I control the zone?
-- .''

Bug#804818: Improved interplay between StrictHostKeyChecking and VerifyHostKeyDNS

2015-11-11 Thread Christoph Anton Mitterer
On Thu, 2015-11-12 at 16:48 +1300, martin f krafft wrote:
> I am one of those people that think that StrictHostKeyChecking=yes
> should be on by default for its security benefit
agreed
> Hopeful, I was looking at VerifyHostKeyDNS for relief
The default StrictHostKeyChecking isn't secure enough for

Bug#804818: Improved interplay between StrictHostKeyChecking and VerifyHostKeyDNS

2015-11-11 Thread martin f krafft
Package: openssh-client
Version: 1:6.9p1-2+b1
Severity: wishlist
File: /usr/bin/ssh
I am one of those people that think that StrictHostKeyChecking=yes should be on by default for its security benefit, but obviously it's a pain to connect to new nodes with this option turned on. Hopeful, I was loo