
The platform engineering team at my big corp work simply disabled host key checking in the cloud tool Python script they wrote for all of us to log into our bastion hosts.

For prod.

ssh --known-hosts-file=/dev/null



Wow, that is a level of DGAF I haven't encountered before in production. No wonder data breaches are so common with that kind of YOLO security practice.


To be fair, it’s all EC2 so provenance of the host is well established.
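
An added example, not part of the thread and not the tool's own code: a small audit helper that flags ssh invocations which turn off host key verification, the setting discussed above. It assumes the wrapper ends up passing the OpenSSH client options `-o UserKnownHostsFile=/dev/null` or `-o StrictHostKeyChecking=no`; the sample commands, hostnames and paths are constructed.

```python
import re
import shlex

# OpenSSH client settings that switch off host key verification.
RISKY = {
    "stricthostkeychecking": {"no", "off"},  # connect despite unknown or changed keys
    "userknownhostsfile": {"/dev/null"},     # never remember any host key
}

def ssh_options(argv):
    """Yield (key, value) for each -o option, in both '-o K=V' and '-oK=V' forms."""
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg == "-o" and i + 1 < len(argv):
            spec, i = argv[i + 1], i + 2
        elif arg.startswith("-o") and len(arg) > 2:
            spec, i = arg[2:], i + 1
        else:
            i += 1
            continue
        # ssh accepts 'Key=Value' and 'Key Value'; keys are case-insensitive.
        parts = re.split(r"\s*=\s*|\s+", spec.strip(), maxsplit=1)
        if len(parts) == 2:
            yield parts[0], parts[1]

def audit(command):
    """Return the options in an ssh command (string or argv list) that disable host key checks.

    Heuristic: the whole argv is scanned, so a '-o' inside a remote command is counted too.
    """
    argv = shlex.split(command) if isinstance(command, str) else list(command)
    return [
        f"{key}={value}"
        for key, value in ssh_options(argv)
        if value.lower() in RISKY.get(key.lower(), ())
    ]

# Constructed sample invocations (placeholder hostnames and paths).
SAMPLES = [
    "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ec2-user@bastion.example.internal",
    ["ssh", "-oStrictHostKeyChecking=yes", "-o",
     "UserKnownHostsFile=/etc/ssh/bastion_known_hosts", "ec2-user@bastion.example.internal"],
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(audit(sample) or "ok", "<-", sample)
```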



