Re: [Duplicity-talk] Why -oUserKnownHostsFile=/dev/null
From: Peter Schuller
Subject: Re: [Duplicity-talk] Why -oUserKnownHostsFile=/dev/null
Date: Thu, 23 Aug 2007 22:26:00 +0200
User-agent: KMail/1.9.7

> Very simply, simplicity. SSH can generate 2-3 different paths to script
> depending on what is in the known_hosts file, and automatic responses to
> those may in themselves be a security issue, so which way to go? I took
> the easy route and got it working.
>
> Remember the goal, non-attended backup. I don't want to be up at 2am
> when the backup starts.

How about an --ssh-strict-checking switch which turns this on again, as well
as defaulting to it on when running with --no-encryption?

I can buy the convenience default as long as the backups are encrypted,
because MITM attacks will not mean information disclosure. But without
encryption it really feels overly risky.

(If you agree I'll come up with a patch.)

--
/ Peter Schuller
PGP userID: 0xE9758B7D or 'Peter Schuller <address@hidden>'
Key retrieval: Send an E-Mail to address@hidden
E-Mail: address@hidden Web: http://www.scode.org
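
The rule proposed in this message, as an added example (it is not duplicity code and not the patch mentioned above): a Python check that finds ssh `-o` options which switch host key verification off and applies the proposed policy to them. The function names and the sample command lines are constructed for illustration; `StrictHostKeyChecking` is a standard OpenSSH option that the message does not mention.

```python
import re
import shlex

# "Key=Value" or "Key Value", as ssh accepts after -o
_OPT = re.compile(r"^\s*([A-Za-z]+)\s*(?:=|\s)\s*(.*?)\s*$")

def ssh_options(argv):
    """Yield (lowercased keyword, value) for every -o option in an ssh argv."""
    i = 0
    while i < len(argv):
        arg = argv[i]
        i += 1
        if arg == "-o" and i < len(argv):            # "-o Key=Value"
            spec = argv[i]
            i += 1
        elif arg.startswith("-o") and len(arg) > 2:  # "-oKey=Value"
            spec = arg[2:]
        else:
            continue
        m = _OPT.match(spec)
        if m:
            yield m.group(1).lower(), m.group(2)

def host_key_findings(argv):
    """List the options in argv that disable host key verification."""
    findings = []
    for key, value in ssh_options(argv):
        if key == "userknownhostsfile" and value == "/dev/null":
            findings.append("UserKnownHostsFile=/dev/null discards known host keys")
        elif key == "stricthostkeychecking" and value.lower() in ("no", "off"):
            findings.append("StrictHostKeyChecking=%s accepts any host key" % value)
    return findings

def policy_allows(argv, encrypted, strict_checking=False):
    """Proposed rule: skipping verification is tolerated only for encrypted
    backups, and never when strict checking was requested explicitly."""
    require_strict = strict_checking or not encrypted
    return not (require_strict and host_key_findings(argv))

# Constructed sample command lines (hypothetical host name).
RELAXED = shlex.split(
    "ssh -oUserKnownHostsFile=/dev/null -o 'StrictHostKeyChecking no' backup@host.example")
STRICT = shlex.split("ssh -oStrictHostKeyChecking=yes backup@host.example")

if __name__ == "__main__":
    for finding in host_key_findings(RELAXED):
        print(finding)
    print(policy_allows(RELAXED, encrypted=False))
```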