bug#18967: Tramp disables important SSH security features
From: Michael Albinus
Subject: bug#18967: Tramp disables important SSH security features
Date: Sun, 18 Dec 2016 09:51:18 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)
Glenn Morris <rgm@gnu.org> writes:
> How about
>
> ssh -o BatchMode=yes
No, BatchMode suppresses the password dialogue. Not applicable.
And looking at the code I really don't see what can be done.
Note that GlobalKnownHostsFile, UserKnownHostsFile and
StrictHostKeyChecking are not disabled by default. They are disabled
only in case a so-called gateway is used, like
"/tunnel:proxyhost#3128|ssh:remotehost:/path/to/file". Tramp will
create a temporary httpd tunnel then, with a random port number on the
localhost, like localhost#12345.
If you connect to remotehost as above, there will be an internal ssh
connection to localhost#12345, which is the tunnel through proxyhost. If
you connect to another.remotehost afterwards, the same internal ssh
target will be used. But remotehost and another.remotehost are
different, and so are their host keys. That's why Tramp must be
instructed to ignore the host keys in this very special case.
See also (info "(tramp) Gateway methods")
Best regards, Michael.
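
Added example, not part of the original message and not Tramp or OpenSSH code: a small Python model of a known_hosts lookup showing why two different remote hosts reached through the same local tunnel endpoint collide on one host-key entry. The key bytes, the `KnownHosts` class and the helper names are constructed for illustration; the `alias` parameter models looking the key up under the real host name, which is the effect of OpenSSH's `HostKeyAlias` option (an option the message does not mention).

```python
# Constructed model of an OpenSSH-style known_hosts check; not Tramp or OpenSSH code.
import hashlib

def fingerprint(host_key: bytes) -> str:
    return "SHA256:" + hashlib.sha256(host_key).hexdigest()[:16]

class KnownHosts:
    """Maps a lookup name to the first host key fingerprint recorded for it."""
    def __init__(self):
        self.entries = {}

    def check(self, lookup_name, host_key):
        fp = fingerprint(host_key)
        known = self.entries.get(lookup_name)
        if known is None:
            self.entries[lookup_name] = fp  # first contact: record the key
            return "new"
        return "match" if known == fp else "MISMATCH"

# Constructed sample keys for the two hosts named in the message.
HOST_KEYS = {
    "remotehost": b"constructed-key-remotehost",
    "another.remotehost": b"constructed-key-another",
}
TUNNEL = "[localhost]:12345"  # known_hosts notation for a non-default port

def connect_via_tunnel(known_hosts, remote, alias=None):
    """ssh always dials the tunnel; alias models a lookup under another name."""
    lookup_name = alias if alias is not None else TUNNEL
    return lookup_name, known_hosts.check(lookup_name, HOST_KEYS[remote])

def run(use_alias):
    """Connect to remotehost, another.remotehost, then remotehost again."""
    kh = KnownHosts()
    results = []
    for remote in ("remotehost", "another.remotehost", "remotehost"):
        alias = remote if use_alias else None
        results.append(connect_via_tunnel(kh, remote, alias))
    return results

if __name__ == "__main__":
    for use_alias in (False, True):
        print("lookup by real host name" if use_alias else "lookup by tunnel endpoint")
        for name, verdict in run(use_alias):
            print(f"  {name:22} {verdict}")
```

With lookups keyed by the tunnel endpoint, the second host is reported as a host-key mismatch, which strict checking would reject; keyed by the real host name, each host keeps its own entry and checking can stay enabled.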