accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-3719) Disable strict host key checking for standalone SSH'ing.
Date Thu, 09 Apr 2015 17:10:13 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-3719?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14487675#comment-14487675
] 

Christopher Tubbs commented on ACCUMULO-3719:
---------------------------------------------

Are we absolutely sure it is a good idea to make this the default? host key checks are the
only mechanism ssh has to protect against man-in-the-middle attacks, and a user doing testing
could be just as vulnerable to attacks as any other ssh situation, I would imagine.

Because the default setting is "ask", which can create problems in this situation, perhaps
a better default would be to secure it with setting it to "yes" instead. At least, then, a
user gets a clear error message, and the mitigation is simple enough: preload the known_hosts
before running the cluster tests.

Perhaps setting this to "no" is fine... I just want to double-check and make absolutely sure
we're confident this is an okay thing to do in this situation.

> Disable strict host key checking for standalone SSH'ing.
> --------------------------------------------------------
>
>                 Key: ACCUMULO-3719
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3719
>             Project: Accumulo
>          Issue Type: Bug
>          Components: test
>            Reporter: Josh Elser
>            Assignee: Josh Elser
>             Fix For: 1.7.0, 1.6.3
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> Leaving strict host key checking enabled is likely to cause more problems than it's worth,
mostly due to the default required prompt.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message