| Summary: | manpage: trojan horse vs. man-in-the-middle | ||
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | maikel |
| Component: | ssh | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | CLOSED FIXED | ||
| Severity: | minor | CC: | dtucker |
| Priority: | P5 | ||
| Version: | 7.5p1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Bug Depends on: | |||
| Bug Blocks: | 2782 | ||
Fixed, it'll be in the 7.7 release. Thanks for the report. Close all resolved bugs after release of OpenSSH 7.7. |
Hello, The `ssh_config` man page may be slightly confusing about StrictHostKeyChecking. I found this sentence: This provides maximum protection against trojan horse attacks I always thought the option protects against man-in-the-middle attacks. I think if the user or the server is compromised via a trojan horse, the connection is most likely compromised as well, regardless of host key checking.