[JENKINS-76261] Please reconsider forcing HashKnownHosts=yes #1702

@jenkins-infra-bot

Description

Setting the host key verification strategy to accept first connection has the undocumented side effect of forcing HashKnownHosts=yes on the SSH command line. Please either make this a separate configuration option or remove it entirely so that this behavior can be controlled from ssh_config.

The HashKnownHosts option was introduced to OpenSSH back in 2005 but has never been the default behavior of OpenSSH because the amount of security it adds is minimal and being able to read the known_hosts file is useful. The choice to enable or disable this option should be left up to the user, which isn't possible if the plugin is forcing it on the SSH command line.

The hashing mechanism isn't really strong enough to prevent a brute force attack on modern hardware. If the DNS zone can be enumerated (AXFR, rDNS lookups, etc.) then a dictionary can be created which renders the hashing nearly useless.


Originally reported by nuxi, imported from: Please reconsider forcing HashKnownHosts=yes
  • status: Open
  • priority: Minor
  • component(s): git-client-plugin
  • resolution: Unresolved
  • votes: 0
  • watchers: 1
  • imported: 20251211-071809
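To make the mechanism under discussion concrete, here is an added example (not code from the git-client plugin or from OpenSSH) of how HashKnownHosts encodes the host field of a known_hosts line and how a candidate name is checked against it, which is what `ssh-keygen -F` does. Host names and key material in it are constructed.

```python
import base64
import hashlib
import hmac
import os

HASH_MAGIC = "|1|"  # OpenSSH marker for a hashed host field (hash version 1)
SALT_LEN = 20       # OpenSSH uses a random salt the size of a SHA-1 digest


def hash_host_field(host, salt=None):
    """Host field OpenSSH writes for `host` with HashKnownHosts=yes; `host` is
    the first column as OpenSSH would write it, e.g. "[name]:2222" for a port."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be %d bytes" % SALT_LEN)
    digest = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "%s%s|%s" % (HASH_MAGIC, base64.b64encode(salt).decode(),
                        base64.b64encode(digest).decode())


def host_field_matches(host_field, host):
    """True if a known_hosts host field covers `host`. Testing a hashed field
    costs one HMAC-SHA1 per candidate name; wildcard patterns are not handled."""
    if not host_field.startswith(HASH_MAGIC):
        return host in host_field.split(",")
    parts = host_field.split("|")
    if len(parts) != 4:
        return False
    try:
        salt = base64.b64decode(parts[2], validate=True)
        stored = base64.b64decode(parts[3], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return hmac.compare_digest(hmac.new(salt, host.encode(), hashlib.sha1).digest(), stored)


def find_known_host(lines, host):
    """Key lines whose host field matches `host` (what `ssh-keygen -F` does)."""
    hits = []
    for line in lines:
        line = line.strip()
        if line and not line.startswith("#"):
            if host_field_matches(line.split(None, 1)[0], host):
                hits.append(line)
    return hits


SAMPLE_KNOWN_HOSTS = [  # constructed content with fake key material
    "# comment line",
    "build01.example.internal ssh-ed25519 AAAAFAKEKEY01",
    hash_host_field("build02.example.internal", b"\x01" * SALT_LEN) + " ssh-ed25519 AAAAFAKEKEY02",
]
```

Each check is a single HMAC-SHA1 over the candidate name with the salt stored in the entry, so the protection rests entirely on the host names being hard to guess, which is the reporter's point about enumerable DNS zones.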