From 62e1af7c507917673ed5299478c27d341089a544 Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Sat, 12 Aug 2023 15:23:40 +0200
Subject: ssh: check SSHFP DNS entries for unknown SSH servers

---
 user/settings/ssh.nix | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'user')

diff --git a/user/settings/ssh.nix b/user/settings/ssh.nix
index c0a7016d..f5073c8d 100644
--- a/user/settings/ssh.nix
+++ b/user/settings/ssh.nix
@@ -10,6 +10,9 @@
     controlPersist = "10m";
     hashKnownHosts = true;
     serverAliveInterval = 15;
+    extraConfig = ''
+      VerifyHostKeyDNS ask
+    '';
     includes = [
       "local.ssh_config"
     ];
-- 
cgit 1.4.1