Replies: 2 comments 4 replies
-
|
Hey @mettlerr 👋 Thanks for your feedback 🙏
Your
So in "WebSSH high security mode" all connections will be prevented to unknown ones? |
Beta Was this translation helpful? Give feedback.
-
|
Yes, format is same as standard OpenSSH. Good point about not being able to add personal ones, which do not belong to my company. This has to be given some thought... Maybe a hostgroup with a setting, which enforces strict mode? But then known_host would have to be a per-hostgroup basis, which makes things more complex on the application side... Hmmm... Will gather feedback company internal and report back. |
Beta Was this translation helpful? Give feedback.
-
Many thanks for gathering additional feedback 🙏 |
Beta Was this translation helpful? Give feedback.
-
|
OpenSSH is handling it like such: https://linux-audit.com/ssh/config/client/option-stricthostkeychecking/ Having the option to set it to "accept-new" or "no" instead of just "ask" (which is probably standard now) and "yes", would be a good option, without the complexity of different host group settings. Then people can set it to whatever they want, depending on their needs. |
Beta Was this translation helpful? Give feedback.
-
|
I will upgrade WebSSH in order to be more compliant with this option. Yet WebSSH is on "hybrid" ask mode warning user on first time and when host key is changed but let the user to passthrough. |
Beta Was this translation helpful? Give feedback.
-
|
I've converted the discussion to a issue : #1460 |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Would be helpful to be able to import known_hosts and then be able to turn on StrictHostKeyChecking to disable access to hosts not in known_hosts. Furthermore it would be great, if this would be tried to sync with the configured URL on startup.
Reason: known_hosts is available from an URL in our company behind a VPN.
Beta Was this translation helpful? Give feedback.
All reactions