https://bugzilla.mindrot.org/show_bug.cgi?id=3775
Bug ID: 3775
Summary: Docs: ssh-keyscan is like `StrictHostKeyChecking=no`,
but few know that.
Product: Portable OpenSSH
Version: 9.9p1
Hardware: Other
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keyscan
Assignee: unassigned-b...@mindrot.org
Reporter: i...@thomas-guettler.de
I have seen a lot of usage of ssh-keyscan in Github Actions.
This is like using `StrictHostKeyChecking=no`, but only few people
seem to realize that.
Man-in-the-middle attacks are possible if you use ssh-keyscan.
Please update the man page and the `--help` output and mention that.
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
