On Tue, 29 Sep 2020, Nico Kadel-Garcia wrote: > There are setups SSH targets where it is useful for, primarily > externally and consistentlyconfigured hosts with stable DNS and > hostkeys, such as github or gitlab. But for internal services, it's > generally far more trouble than it's worth. FWIW I think this is bad advice. Services are only "internal" to the extent that you can trust your network. Search "SSL added and removed here" for a practical demonstration of this assumption yielding undesirable results. Disabling hostkey checking is a big hammer, but occasionally useful for lab environments. Generally I recommend that people who are having trouble with hostkey management consider using host certificates. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
