Difference between revisions of "CheckHostIP"
Jump to navigation
Jump to search
(Created page with " CheckHostIP If this flag is set to ''yes'', ssh(1) will additionally check the host IP address in the known_hosts file. This allows ssh to detect if a host key changed due t...") Tags: Mobile web edit, Mobile edit |
Tags: Mobile web edit, Mobile edit |
||
Line 1: | Line 1: | ||
CheckHostIP | CheckHostIP | ||
If this flag is set to ''yes'', ssh(1) will additionally check the host IP address in the known_hosts file. This allows ssh to detect if a host key changed due to DNS spoofing. | If this flag is set to ''yes'', ssh(1) will additionally check the host IP address in the known_hosts file. This allows ssh to detect if a host key changed due to DNS spoofing. | ||
− | If the option is set to ''no'', the check will not be executed. The default is ''yes''. | + | If the option is set to ''no'', the check will not be executed. The default is ''yes'' until [[OpenSSH 8.5]] (2021) |
+ | |||
+ | <code>[[ssh]]</code> 8.5 disable CheckHostIP by default. | ||
Revision as of 10:50, 29 March 2021
CheckHostIP If this flag is set to yes, ssh(1) will additionally check the host IP address in the known_hosts file. This allows ssh to detect if a host key changed due to DNS spoofing. If the option is set to no, the check will not be executed. The default is yes until OpenSSH 8.5 (2021)
ssh
8.5 disable CheckHostIP by default.
See also
- OpenSSH (changelog):
/etc/ssh/sshd_config
|/etc/ssh/ssh_config
|~/.ssh/
|openSSL | sshd logs
|sftp
|scp
|authorized_keys
|ssh-keygen
|ssh-keyscan
|ssh-add
|ssh-agent
|ssh
|Ssh -O stop
|ssh-copy-id
|CheckHostIP
|UseKeychain
, OpenSSF
Advertising: