accumulo-notifications mailing list archives

From "Christopher Tubbs (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-3719) Disable strict host key checking for standalone SSH'ing.
Date Thu, 09 Apr 2015 17:10:13 GMT


Christopher Tubbs commented on ACCUMULO-3719:

Are we absolutely sure it is a good idea to make this the default? Host key checks are the
only mechanism ssh has to protect against man-in-the-middle attacks, and a user doing testing
could be just as vulnerable to attacks as any other ssh situation, I would imagine.

Because the default setting is "ask", which can create problems in this situation, perhaps
a better default would be to secure it with setting it to "yes" instead. At least, then, a
user gets a clear error message, and the mitigation is simple enough: preload the known_hosts
before running the cluster tests.

Perhaps setting this to "no" is fine... I just want to double-check and make absolutely sure
we're confident this is an okay thing to do in this situation.

> Disable strict host key checking for standalone SSH'ing.
> --------------------------------------------------------
>                 Key: ACCUMULO-3719
>                 URL:
>             Project: Accumulo
>          Issue Type: Bug
>          Components: test
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>             Fix For: 1.7.0, 1.6.3
>          Time Spent: 20m
>  Remaining Estimate: 0h
> Leaving strict host key checking enabled is likely to cause more problems than it's worth,
> mostly due to the default required prompt.
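The "preload the known_hosts before running the cluster tests" mitigation from the comment can be checked up front. The script below is an added example, not code from the Accumulo project or from the message: it lists test hosts that have no pinned key, so a run with StrictHostKeyChecking=yes fails once with a clear message. The function names, the `KNOWN_HOSTS` variable and the sample host names are hypothetical, and it assumes the pinned keys were collected over a trusted channel.

```bash
#!/bin/sh
# Preflight for StrictHostKeyChecking=yes: find test hosts with no pinned key.

# Print each host in $1 (one name per line) that has no entry in $2 (known_hosts).
# Limits: exact, unhashed names only. Hashed entries, wildcard patterns and
# @cert-authority/@revoked lines are ignored, so such hosts show up as missing.
missing_host_keys() {
  awk '
    FILENAME == ARGV[1] {                  # pass 1: collect pinned names
      if ($0 ~ /^[[:space:]]*(#|@|$)/) next
      n = split($1, names, ",")            # field 1 is "name1,name2,..."
      for (k = 1; k <= n; k++) pinned[names[k]] = 1
      next
    }
    /^[[:space:]]*(#|$)/ { next }          # pass 2: skip blanks and comments
    !($1 in pinned) { print $1 }
  ' "$2" "$1"
}

# Fail fast, before any test starts, instead of erroring on the first SSH call.
preflight() {
  missing=$(missing_host_keys "$1" "$2")
  if [ -n "$missing" ]; then
    printf 'no pinned host key for: %s\n' $missing >&2
    return 1
  fi
}

# SSH wrapper for the test run: unknown or changed host keys are refused and
# BatchMode keeps ssh from prompting. KNOWN_HOSTS is a hypothetical variable
# naming the dedicated known_hosts file.
strict_ssh() {
  ssh -o StrictHostKeyChecking=yes \
      -o UserKnownHostsFile="${KNOWN_HOSTS:?set KNOWN_HOSTS}" \
      -o BatchMode=yes "$@"
}

# Constructed sample data: two test hosts, only one pinned. The key field is a
# placeholder, not real key material.
demo() {
  d=$(mktemp -d)
  printf '%s\n' node1.example.com node2.example.com > "$d/hosts"
  printf '%s\n' 'node1.example.com,10.0.0.1 ssh-ed25519 PLACEHOLDER' > "$d/known_hosts"
  missing_host_keys "$d/hosts" "$d/known_hosts"
  rm -rf "$d"
}
```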
