Insecure Ignore Host Key High

SSH clients validate the host key presented by the server to authenticate the host entity. Ignoring host key validation prevents the client from verifying the identity of the host. This enables connections to hosts impersonating trusted ones, since their keys are not checked. Host key validation is critical for maintaining entity authentication and trusted host assurance in SSH connections. Keys should be validated against known trusted keys rather than disabled.

Detector ID
go/insecure-ignore-host-key@v1.0
Category
Common Weakness Enumeration (CWE) external icon