#1127640 systemd disables SSH host key verification for UNIX, vsock, machine connections

Package: systemd
Source: systemd
Description: system and service manager
Submitter: Aaron D. Johnson
Date: 2026-02-10 21:33:02 UTC
Severity: normal

#1127640#5
Date: 2026-02-10 21:29:42 UTC

systemd upstream ships a
/usr/lib/systemd/ssh_config.d/20-systemd-ssh-proxy.conf file (and a
/etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf symlink to it exists in
the Debian package) that disables clients' checking of SSH server
host keys over AF_UNIX and AF_VSOCK connections.  This breaks the SSH
trust-on-first-use (or before first use with ssh-keyscan) security model
for all such connections.
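
An added example, not part of the report and not systemd or Debian code: a small audit that scans ssh_config text (for instance the files under /etc/ssh/ssh_config.d/) and reports which Host blocks turn off host key verification. The report does not list the directives the shipped file uses, so the check assumes the standard OpenSSH client options StrictHostKeyChecking and UserKnownHostsFile; the `audit` function name and the sample config are constructed for illustration.

```python
import re
import shlex

# Constructed sample drop-in for illustration; not the contents of the systemd file.
SAMPLE = """\
# constructed example
Host unix/* vsock/*
    ProxyCommand /usr/bin/example-proxy %h %p
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

Host *.example.org
    StrictHostKeyChecking=accept-new

Host bastion
    UserKnownHostsFile ~/.ssh/known_hosts /dev/null
"""

# ssh_config allows "Keyword value" and "Keyword=value" (optional spaces around '=').
DIRECTIVE = re.compile(r"^\s*([A-Za-z0-9]+)\s*(?:=\s*|\s+)(.*)$")
NO_STORE = {"/dev/null", "none"}  # values that leave no usable known_hosts file


def audit(text):
    """Return (block, keyword, value) for each directive that weakens host key checks."""
    findings = []
    block = "(global)"  # directives before the first Host/Match apply to every host
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = DIRECTIVE.match(line)
        if not m:
            continue
        keyword, rest = m.group(1), m.group(2).strip()
        key = keyword.lower()  # ssh_config keywords are case-insensitive
        if key in ("host", "match"):
            block = rest
        elif key == "stricthostkeychecking":
            value = shlex.split(rest)[0].lower() if rest else ""
            if value in ("no", "off"):  # unknown and changed keys are accepted
                findings.append((block, keyword, value))
        elif key == "userknownhostsfile":
            files = shlex.split(rest)
            if files and all(f in NO_STORE for f in files):  # nothing is ever pinned
                findings.append((block, keyword, " ".join(files)))
    return findings


if __name__ == "__main__":
    for block, keyword, value in audit(SAMPLE):
        print(f"[{block}] {keyword} {value}")
```

This is a per-file scan and does not resolve which value wins across files; `ssh -G <host>` prints the effective client options for a given destination.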