Home |
Licence |
FAQ |
Docs |
Download |
Keys |
Links
Mirrors |
Updates |
Feedback |
Changes |
Wishlist |
Team
An option to automatically accept all SSH host keys. For some reason
lots of people seem to think this would be a really useful feature.
I'm sure it would be very convenient, but at the expense of security!
The whole point of host keys is that they're the only
guarantee you have that your connection hasn't been hijacked by an
active attacker between you and the server, and that your data isn't
being decrypted by the attacker and re-encrypted. If you want to
schedule an automated batch job to use PSCP or Plink, and the
interactive host key prompt is making this difficult, add the
correct host key to the registry ahead of time. (Update,
2014-09-09: or if the Registry isn't available, you can use the
new -hostkey
option to specify the right key or
fingerprint on the command line.) That way you still get the
convenience, but without losing the security. We will not
accept a command line option to turn off host key checking, no matter
how many people have already done the work and send us polished
production-quality patches.
If you have host keys available in the common `known_hosts' format, we have a script to convert them to a Windows .REG file which can be installed ahead of time by double-clicking.
Audit trail for this wish.