cmd/tailscale: [ssh] enable StrictHostKeyChecking mode

Updates #3802 Signed-off-by: Maisem Ali <maisem@tailscale.com>
2024-11-29 04:55:31 +00:00 · 2022-04-18 09:52:52 -07:00 · 2022-04-18 09:52:52 -07:00 · 945879fa38
commit 945879fa38
parent 8f5e5bff1e
1 changed files with 4 additions and 0 deletions
--- a/cmd/tailscale/cli/ssh.go
+++ b/cmd/tailscale/cli/ssh.go
@ -79,9 +79,13 @@ func runSSH(ctx context.Context, args []string) error {
 	argv := append([]string{
 		ssh,

+		// Only trust SSH hosts that we know about.
 		"-o", fmt.Sprintf("UserKnownHostsFile %s",
 			shellescape.Quote(knownHostsFile),
 		),
+		"-o", "UpdateHostKeys no",
+		"-o", "StrictHostKeyChecking yes",
+
 		"-o", fmt.Sprintf("ProxyCommand %s --socket=%s nc %%h %%p",
 			shellescape.Quote(tailscaleBin),
 			shellescape.Quote(rootArgs.socket),