SSH: HashKnownHosts=no
HashKnownHosts provides an appearance of security but is actually [easily crackable](https://github.com/chris408/known_hosts-hashcat) and doesn't prevent leakage from other sources, such as the shell history or SSH config. Most importantly, it makes properly maintaining the list tedious and error-prone by making it hard to remove changed keys and impossible to remove obsolete entries, therefore possibly weakening security. Security should be enforced by password-protecting SSH keys instead.
This commit is contained in:
parent
61a4f83cb7
commit
1eedf4a4f1
GPG Key ID:
E4B9FC170FFD71CE
@ -1,3 +1,4 @@
|
||||
Host *
|
||||
ForwardX11Trusted no
|
||||
HashKnownHosts no
|
||||
IdentitiesOnly yes
|
||||
|
||||
Loading…
Reference in New Issue
Block a user