SSH: HashKnownHosts=no
HashKnownHosts provides an appearance of security but is actually [easily crackable](https://github.com/chris408/known_hosts-hashcat) and doesn't prevent leakage from other sources, such as the shell history or SSH config. Most importantly, it makes properly maintaining the list tedious and error-prone by making it hard to remove changed keys and impossible to remove obsolete entries, therefore possibly weakening security. Security should be enforced by password-protecting SSH keys instead.
This commit is contained in:
parent
61a4f83cb7
commit
1eedf4a4f1
GPG Key ID:
E4B9FC170FFD71CE
@ -1,3 +1,4 @@
|
|||||||
Host *
|
Host *
|
||||||
ForwardX11Trusted no
|
ForwardX11Trusted no
|
||||||
|
HashKnownHosts no
|
||||||
IdentitiesOnly yes
|
IdentitiesOnly yes
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user