[PATCH] clarify how IgnoreUserKnownHosts works


 



From: Christoph Anton Mitterer <mail@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>

Based on the previous documentation of the IgnoreUserKnownHosts directive, the
average user could easily think that the default value “no” is the more secure
choice (in the sense of “do not even check in ~/.ssh/known_hosts”).

• Clarify in sshd_config(5), that a value of “yes” in the IgnoreUserKnownHosts
  directive, makes sshd(8) only trust the global known hosts list
  (/etc/ssh/ssh_known_hosts).

Signed-off-by: Christoph Anton Mitterer <mail@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
---
 sshd_config.5 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/sshd_config.5 b/sshd_config.5
index 43cc826..4ed3afc 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -627,7 +627,9 @@ should ignore the user's
 during
 .Cm RhostsRSAAuthentication
 or
-.Cm HostbasedAuthentication .
+.Cm HostbasedAuthentication
+and instead only trust the systemwide
+.Pa /etc/ssh/ssh_known_hosts .
 The default is
 .Dq no .
 .It Cm IPQoS
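Review bot: The added text after .Cm HostbasedAuthentication spells out the "yes" case, but the unchanged "The default is .Dq no ." line that follows still leaves the reader to infer what "no" means, which is the misreading the commit message sets out to prevent. Consider adding a sentence there saying that with the default the user's own known hosts file is consulted in addition to /etc/ssh/ssh_known_hosts, so it is clear that "yes" is the more restrictive setting. A smaller style point: "systemwide" may be better written "system-wide" if that matches usage elsewhere in the page.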
-- 
2.1.4

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




