[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Duplicity-talk] Why -oUserKnownHostsFile=/dev/null
From: |
Kenneth Loafman |
Subject: |
Re: [Duplicity-talk] Why -oUserKnownHostsFile=/dev/null |
Date: |
Thu, 23 Aug 2007 13:12:21 -0500 |
User-agent: |
Thunderbird 1.5.0.12 (X11/20070604) |
Peter Schuller wrote:
> Hello,
>
> During initial testing of 0.4.3 I noticed that the scp backend is
> doing -oUserKnownHostsFile=/dev/null and disabling strict host checking
>
> Why is this? Seems to me it's a pretty significant security issue to not
> verify the identity of the remote host.
Very simply, simplicity. SSH can generate 2-3 different paths to script
depending on what is in the known_hosts file, and automatic responses to
those may in themselves be a security issue, so which way to go? I took
the easy route and got it working.
Remember the goal, non-attended backup. I don't want to be up at 2am
when the backup starts.
...Ken
signature.asc
Description: OpenPGP digital signature