StrictHostKeyChecking?

Advertisement

Mace
Guest

StrictHostKeyChecking?

How can the ssh option "StrictHostKeyChecking yes" be activated in WinSCP?
Using the ini file option the accepted host keys are stored under [SshHostKeys], but I cannot find any option to change the default value "StrictHostKeyChecking ask".

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
27,226
Location:
Prague, Czechia

Re: StrictHostKeyChecking?

Can you tell me what do you want, instead of referring to options of other SSH implementations?
_________________
Martin Prikryl

Reply with quote

Guest

Re: StrictHostKeyChecking?

martin wrote:

Can you tell me what do you want, instead of referring to options of other SSH implementations?

The feature I request is the option to strictly prohibit the connection to unauthorized/unknown hosts.
Under Linux this equals the option mentioned above, where a client can store public host keys in .ssh/known_hosts and can exclusively connect to this hosts when the option "StrictHostKeyChecking yes" is placed inside the ssh_config.
There should be the possibility to prohibit a client connection to hosts not stored in a pre-configured option file under [SshHostKeys] (alternatively: the Windows registry).
At the moment/by default, this option seems to be set to "ask" in WinSCP, where an incautious user just can click on "Accept".

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
27,226
Location:
Prague, Czechia

Re: StrictHostKeyChecking?

So user would be able to manually store the keys to the "cache", would he? Where do you want to have your option? In HKEY_LOCAL_MACHINE, so it cannot be cleared by the user?
_________________
Martin Prikryl

Reply with quote

Mace
Guest

Re: StrictHostKeyChecking?

martin wrote:

So user would be able to manually store the keys to the "cache", would he? Where do you want to have your option? In HKEY_LOCAL_MACHINE, so it cannot be cleared by the user?

That seems to be a very good idea, maybe under HKEY_LOCAL_MACHINE\SOFTWARE\Martin Prikryl\WinSCP 2\ ...
But that is really up to you.
Thank you very much!

Reply with quote

Advertisement

You can post new topics in this forum