summary refs log tree commit diff stats
path: root/user
diff options
context:
space:
mode:
authorAlan Pearce2023-08-12 15:23:40 +0200
committerAlan Pearce2023-08-12 15:23:40 +0200
commit62e1af7c507917673ed5299478c27d341089a544 (patch)
tree525c0fc70677a4f0af83a1d9ba1db95b72c1f23e /user
parent09da71a814a82de08b5bd058b6bb80a948a43a02 (diff)
downloadnixfiles-62e1af7c507917673ed5299478c27d341089a544.tar.lz
nixfiles-62e1af7c507917673ed5299478c27d341089a544.tar.zst
nixfiles-62e1af7c507917673ed5299478c27d341089a544.zip
ssh: check SSHFP DNS entries for unknown SSH servers
Diffstat (limited to 'user')
-rw-r--r--user/settings/ssh.nix3
1 files changed, 3 insertions, 0 deletions
diff --git a/user/settings/ssh.nix b/user/settings/ssh.nix
index c0a7016d..f5073c8d 100644
--- a/user/settings/ssh.nix
+++ b/user/settings/ssh.nix
@@ -10,6 +10,9 @@
     controlPersist = "10m";
     hashKnownHosts = true;
     serverAliveInterval = 15;
+    extraConfig = ''
+      VerifyHostKeyDNS ask
+    '';
     includes = [
       "local.ssh_config"
     ];