ssh_secure: Don't alias "ssh" to "ssh -o 'StrictHostKeyChecking yes'

Creating this alias prevents the user from overwriting this for certain
hosts in his ~/.ssh/config file.

You should add something like the folloging to you ~/.ssh/config file
to make ssh more secure by default:

    # Trusted test network with changing hosts
    Host *.example.net
        StrictHostKeyChecking no
        UserKnownHostsFile /dev/null

    # Be more secure by default!
    Host *
        CheckHostIP yes
        StrictHostKeyChecking yes

diff --git a/plugins/ssh_secure/ssh_secure.zshrc b/plugins/ssh_secure/ssh_secure.zshrc
index dbc0eea058b3825dc76c025d43af4af88ac0adb5..e0c9b34b3c7006c1046d5c381d4789b3fef754d3 100644 (file)
--- a/plugins/ssh_secure/ssh_secure.zshrc
+++ b/plugins/ssh_secure/ssh_secure.zshrc
@@ -5,6 +5,6 @@
 (( $+commands[ssh] )) || return
 
 # Enforce "strict host key checking"
-alias ssh="\ssh -o 'StrictHostKeyChecking yes'"
+#alias ssh="\ssh -o 'StrictHostKeyChecking yes'"
 alias sshnew="\ssh -o 'StrictHostKeyChecking no'"
 alias sshtmp="\ssh -o 'StrictHostKeyChecking no' -o 'UserKnownHostsFile /dev/null'"