Skip to content
Snippets Groups Projects

Borgbackup: Accept unknown hosts

Merged Borgbackup: Accept unknown hosts
118.make-borgbackup-accept-new-hosts into develop
Merged Florian Sesser requested to merge 118.make-borgbackup-accept-new-hosts into develop

This is one way to Fix #118 (closed): Make Borg backup accept new hosts when connecting to our backup service.

Since our backups are encrypted and we do SSH pubkey authentication, I would find it acceptable to allow our backup clients to add unknown IPs to its ssh known-hosts file. With the new setting of StrictHostKeyChecking=accept-new, changed SSH host keys will still be rejected (i.e. it is more secure than StrictHostKeyChecking=no).

More paranoid DevSecOps might want to instead get the backup server's SSH key fingerprints, and distribute them to the storage servers' known-hosts files themselves.

Edited by Florian Sesser

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
Please register or sign in to reply