SSH: HashKnownHosts=no

HashKnownHosts provides an appearance of security but is actually
[easily crackable](https://github.com/chris408/known_hosts-hashcat) and
doesn't prevent leakage from other sources, such as the shell history or
SSH config.  Most importantly, it makes properly maintaining the list
tedious and error-prone by making it hard to remove changed keys and
impossible to remove obsolete entries, therefore possibly weakening
security.  Security should be enforced by password-protecting SSH keys
instead.
This commit is contained in:
DuckDuckWhale 2022-10-22 00:20:12 -07:00
parent 61a4f83cb7
commit 1eedf4a4f1
Signed by: DuckDuckWhale
GPG Key ID: E4B9FC170FFD71CE

View File

@ -1,3 +1,4 @@
Host *
ForwardX11Trusted no
HashKnownHosts no
IdentitiesOnly yes