Infrastructure/infra-docs-fpo
1
0
Fork 0
Code Issues 100 Pull requests 6 Projects Releases Packages Wiki Activity Actions

sshaccess: drop VerifyHostKeyDNS

Browse source 
This is nice and all, but unless you have dnssec enabled, it
could be you get redirected to a attacker host.
We also no longer mention sshfp anywhere here, so makes sense to just
drop it.

Signed-off-by: Kevin Fenzi <kevin@scrye.com>
This commit is contained in:
Kevin Fenzi 2025-02-18 16:20:10 -08:00 committed by kevin
parent 9c3c11965a
commit 67637180b7
1 changed files with 0 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/sysadmin_guide/pages/sshaccess.adoc
View file

@ -67,7 +67,6 @@ Host bastion.fedoraproject.org
User FAS_USERNAME (all lowercase)
ProxyCommand none
ForwardAgent no
VerifyHostKeyDNS yes
Host *.iad2.fedoraproject.org *.qa.fedoraproject.org 10.3.160.* 10.3.161.* 10.3.163.* 10.3.165.* 10.3.167.* 10.3.171.* *.vpn.fedoraproject.org
ProxyJump bastion.fedoraproject.org
Host batcave01