duplicity-talk
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] Why -oUserKnownHostsFile=/dev/null


From: Kenneth Loafman
Subject: Re: [Duplicity-talk] Why -oUserKnownHostsFile=/dev/null
Date: Thu, 23 Aug 2007 13:12:21 -0500
User-agent: Thunderbird 1.5.0.12 (X11/20070604)

Peter Schuller wrote:
> Hello,
> 
> During initial testing of 0.4.3 I noticed that the scp backend is 
> doing -oUserKnownHostsFile=/dev/null and disabling strict host checking
> 
> Why is this? Seems to me it's a pretty significant security issue to not 
> verify the identity of the remote host.

Very simply, simplicity.  SSH can generate 2-3 different paths to script
depending on what is in the known_hosts file, and automatic responses to
those may in themselves be a security issue, so which way to go?  I took
the easy route and got it working.

Remember the goal, non-attended backup.  I don't want to be up at 2am
when the backup starts.

...Ken


Attachment: signature.asc
Description: OpenPGP digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]