--- Begin Message ---
Subject: Tramp disables important SSH security features
Date: Thu, 06 Nov 2014 00:47:40 +0000
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.2.0

Tramp disables SSH host key checks by setting
GlobalKnownHostsFile=/dev/null, UserKnownHostsFile=/dev/null, and
StrictHostKeyChecking=no in its default method configuration. These
settings allow attackers to intercept connections to remote hosts, sniff
passwords, and cause other mischief. I don't think we should ship an
insecure configuration.
--- End Message ---
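
An added example, not part of the original thread and not Tramp's own code: a small auditor that flags the three settings named in the report, whether they appear as `-o` options on an ssh command line or as lines in an ssh_config file. All function names and the sample inputs are constructed for illustration.

```python
import shlex

# The three settings named in the report (keys lower-cased; ssh matches them
# case-insensitively) with the values that switch host key verification off.
WEAK = {
    "stricthostkeychecking": {"no", "off"},
    "globalknownhostsfile": {"/dev/null"},
    "userknownhostsfile": {"/dev/null"},
}

def split_option(text):
    """Split 'Key=Value', 'Key Value' or 'Key = Value' into (key, value)."""
    text = text.strip()
    for i, ch in enumerate(text):
        if ch == "=" or ch.isspace():
            value = text[i + 1:].strip().lstrip("=").strip().strip('"')
            return text[:i].lower(), value
    return text.lower(), ""

def options_from_argv(argv):
    """Yield (key, value) for each '-o opt' or '-oopt' on an ssh command line."""
    args = iter(argv)
    for arg in args:
        if arg == "-o":
            yield split_option(next(args, ""))
        elif arg.startswith("-o") and len(arg) > 2:
            yield split_option(arg[2:])

def options_from_config(text):
    """Yield (key, value) for each non-comment line of ssh_config text."""
    for line in text.splitlines():
        if line.strip() and not line.strip().startswith("#"):
            yield split_option(line)

def weak_options(pairs):
    """Return the (key, value) pairs that disable host key verification."""
    found = []
    for key, value in pairs:
        if key == "stricthostkeychecking":
            value = value.lower()  # yes/no keywords are case-insensitive
        files = value.split()      # known-hosts options accept several files
        if key in WEAK and files and all(f in WEAK[key] for f in files):
            found.append((key, value))
    return found

# Constructed sample inputs (not taken from Tramp's source).
SAMPLE_ARGV = shlex.split(
    'ssh -o GlobalKnownHostsFile=/dev/null -oUserKnownHostsFile=/dev/null '
    '-o "StrictHostKeyChecking no" -l user host.example')
SAMPLE_CONFIG = "Host *\n  StrictHostKeyChecking = ask\n  UserKnownHostsFile ~/.ssh/known_hosts\n"
```

`weak_options(options_from_argv(SAMPLE_ARGV))` reports all three settings, while `weak_options(options_from_config(SAMPLE_CONFIG))` reports none because a real known-hosts file is still consulted.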
--- Begin Message ---
Subject: Re: bug#18967: Tramp disables important SSH security features
Date: Wed, 21 Dec 2016 12:44:23 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.0.50 (gnu/linux)
Version: 26.1
> I have some plans for a while to obsolete tramp-gw.el. When I wrote it
> back in 2007, it was the only possibility to have an own implementation
> of HTTP CONNECT tunneling.
>
> Meanwhile, putty supports HTTP CONNECT natively. And with ssh, one could
> use a ProxyCommand based on "nc -X connect ...". No need for Tramp to
> implement it itself anymore.
>
> This would perform much better than my implementation in
> tramp-gw.el. And this bug would disappear automatically.
>
> So let's keep this bug as reminder. And I will see, whether I could
> document these settings in the Tramp manual. There are some free days
> next two weeks, isn't it the Xmas break?
Done, closing the bug.
Best regards, Michael.
--- End Message ---