Putty: StrictHostKeyChecking

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
How do I set StrictHostKeyChecking=no when I use Putty? Do I have to
load Cygwin and run SSH to do this?

Re: Putty: StrictHostKeyChecking

mk_gecko@yahoo.com writes:
Quoted text here. Click to load it

StrictHostKeyChecking is an OpenSSH-specific configuration option. I'm
assuming that the aspect of its behaviour that you're after in PuTTY
is the automatic acceptance of unknown host keys.

This isn't possible in PuTTY. This entry in the PuTTY FAQ is relevant:

  A.2.9 Is there an option to turn off the annoying host key prompts?
  No, there isn't. And there won't be. Even if you write it yourself
  and send us the patch, we won't accept it.
  Those annoying host key prompts are the _whole point_ of SSH.
  Without them, all the cryptographic technology SSH uses to secure
  your session is doing nothing more than making an attacker's job
  slightly harder; instead of sitting between you and the server with
  a packet sniffer, the attacker must actually subvert a router and
  start modifying the packets going back and forth. But that's not all
  that much harder than just sniffing; and without host key checking,
  it will go completely undetected by client or server.
  Host key checking is your guarantee that the encryption you put on
  your data at the client end is the _same_ encryption taken off the
  data at the server end; it's your guarantee that it hasn't been
  removed and replaced somewhere on the way. Host key checking makes
  the attacker's job _astronomically_ hard, compared to packet
  sniffing, and even compared to subverting a router. Instead of
  applying a little intelligence and keeping an eye on Bugtraq, the
  attacker must now perform a brute-force attack against at least one
  military-strength cipher. That insignificant host key prompt really
  does make _that_ much difference.
  If you're having a specific problem with host key checking - perhaps
  you want an automated batch job to make use of PSCP or Plink, and
  the interactive host key prompt is hanging the batch process - then
  the right way to fix it is to add the correct host key to the
  Registry in advance. That way, you retain the _important_ feature of
  host key checking: the right key will be accepted and the wrong ones
  will not. Adding an option to turn host key checking off completely
  is the wrong solution and we will not do it.
  If you have host keys available in the common known_hosts format, we
  have a script called kh2reg.py[1] to convert them to a Windows .REG
  file, which can be installed ahead of time by double-clicking or
  using REGEDIT.

[1] <http://svn.tartarus.org/sgt/putty/contrib/kh2reg.py?view=markup


Re: Putty: StrictHostKeyChecking

Quoted text here. Click to load it

Well, the FAQ entry seems to be talking about turning off host key
checking completely, which is *never* an aspect of the behaviour of
StrictHostKeyChecking - a key mismatch will always unconditionally abort
the connection, you don't even get a chance to say "yes".

I.e. even if you have StrictHostKeyChecking=no, the potential attacker
must not "just" subvert a router, he must already have it subverted
*and* target your very first connection to a previously unknown host.

I fully understand how accepting unknown keys at all is a problem, but I
suspect that if the original ssh implementation had required
pre-configured keys, ssh would have remained an exotic technology of
mainly academic interest, instead of becoming the ubiquitous standard
that it is today. Making the equivalent of StrictHostKeyChecking=ask the
default was exactly the right tradeoff decision IMHO.

--Per Hedeland

Site Timeline