bug#18967: Tramp disables important SSH security features

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#18967: Tramp disables important SSH security features

From:	Daniel Colascione
Subject:	bug#18967: Tramp disables important SSH security features
Date:	Thu, 06 Nov 2014 00:47:40 +0000
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0

Tramp disables SSH host key checks by setting
GlobalKnownHostsFile=/dev/null, UserKnownHostsFile=/dev/null, and
StrictHostKeyChecking=no in its default method configuration. These
settings allow attackers to intercept connections to remote hosts, sniff
passwords, and cause other mischief. I don't think we should ship an
insecure configuration.

signature.asc
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

bug#18967: Tramp disables important SSH security features, Daniel Colascione <=
- bug#18967: Tramp disables important SSH security features, Ted Zlatanov, 2014/11/06
  - bug#18967: Tramp disables important SSH security features, Daniel Colascione, 2014/11/06
    - bug#18967: Tramp disables important SSH security features, Ted Zlatanov, 2014/11/06
    - bug#18967: Tramp disables important SSH security features, Stefan Monnier, 2014/11/06
    - bug#18967: Tramp disables important SSH security features, Michael Albinus, 2014/11/07

Prev by Date: bug#18966: 25.0.50; unhelpful error message from byte compiler
Next by Date: bug#18968: 25.0.50; unhelpful "unused" warning from byte compiler
Previous by thread: bug#18966: 25.0.50; unhelpful error message from byte compiler
Next by thread: bug#18967: Tramp disables important SSH security features
Index(es):
- Date
- Thread