MacFusion starts sshfs using "-oCheckHostIP=no -oStrictHostKeyChecking=no". This exposes users to DNS spoofing and other MITM attacks and would do so silently since the user can't even see a warning.

This should be changed to "-oCheckHostIP=yes -oStrictHostKeyChecking=yes". The usability concerns are important but also infrequent - until a proper key management GUI exists even a simple warning and/or opening the ssh session in Terminal so the user can review the warnings would be sufficient.

Original issue reported on code.google.com by adamsc@gmail.com on 31 Dec 2007 at 9:43
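
The check below is an added example, not part of the original report or of MacFusion's code: a POSIX shell function that scans an sshfs or ssh argument list for the two settings named in the report, including the comma-separated `-o` lists that sshfs accepts. The function names, the host `files.example` and the mount path are constructed for illustration.

```shell
#!/bin/sh
# Added example (constructed): flag ssh/sshfs arguments that switch off
# host key verification.

# Print a finding if one Key=value option disables a host key check.
# ssh option keywords are case-insensitive, so only the key is lowercased.
check_opt() {
    case "$1" in *=*) ;; *) return 0 ;; esac
    key=$(printf '%s' "${1%%=*}" | tr '[:upper:]' '[:lower:]')
    case "$key=${1#*=}" in
        stricthostkeychecking=no)
            echo "WEAK: StrictHostKeyChecking=no (new host keys are added without asking)" ;;
        checkhostip=no)
            echo "WEAK: CheckHostIP=no (host IP is not checked against known_hosts)" ;;
    esac
}

# Scan a full argument list. Handles -oKey=value, -o Key=value and
# comma-separated lists such as -o reconnect,Key=value.
# Returns 0 when no weak setting is found, 1 otherwise.
audit_ssh_opts() {
    prev="" findings=0
    for arg in "$@"; do
        optlist=""
        if [ "$prev" = "-o" ]; then
            optlist=$arg
        else
            case "$arg" in -o?*) optlist=${arg#-o} ;; esac
        fi
        prev=$arg
        [ -n "$optlist" ] || continue
        while IFS= read -r opt; do
            msg=$(check_opt "$opt")
            if [ -n "$msg" ]; then
                echo "$msg"
                findings=$((findings + 1))
            fi
        done <<EOF
$(printf '%s' "$optlist" | tr ',' '\n')
EOF
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample: the option string quoted in the report.
audit_ssh_opts sshfs user@files.example: /mnt/files \
    -oCheckHostIP=no -oStrictHostKeyChecking=no || true
```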