I need to be able to turn off host checking entirely
John Summerfield
summer at os2.ami.com.au
Thu Apr 11 08:23:23 EST 2002
I have a small LAN. The entire system is within my view - all the
hosts, the switch and the wire. If someone is in a position to do a
"man in the middle" attack, there's no need - they already have me.
Over the other side of the room, and beside my desk, I have test
systems. I use disk caddies (see www.vipower.com for examples) and can
switch operating systems in about the time it takes to cycle power; I
pull one drive out (with power off), push in another and reboot.
One of the things the test system's used for is kickstart installing
Red Hat Linux, and a test can take less than 20 minutes.
Then there's my "production" system for the same box, and Windows
NT.....
Actually, NT's not involved in the problem.
I'm getting thoroughly sick of the checking the ssh command does, and
I've turned off as much as I can figure out, but I still get this:
[summer at numbat summer]$ ssh possum
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle
attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
22:dc:6b:57:31:b3:0a:3c:07:7e:8d:60:1a:c0:b7:5f.
Please contact your system administrator.
Add correct host key in /home/summer/.ssh/known_hosts to get rid of
this message.
Offending key in /home/summer/.ssh/known_hosts:2
Password authentication is disabled to avoid man-in-the-middle attacks.
X11 forwarding is disabled to avoid man-in-the-middle attacks.
Last login: Thu Apr 11 06:06:30 2002 from numbat.os2.ami.com.au
[summer at possum summer]$
Now, I suppose I can live with the messages (but I'd rather not). What
I really need is for the connexion to the machine to 'just work.'
I want X11 forwarding to work.
Just like this:
[summer at numbat summer]$ ssh dugite
Last login: Thu Apr 11 05:04:54 2002 from numbat.os2.ami.com.au
[summer at dugite summer]$
I appreciate there are several crude hacks I can use. Like supplying
the host key when I install on possum, but that seems to me even worse.
--
Cheers
John Summerfield
Microsoft's most solid OS: http://www.geocities.com/rcwoolley/
Note: mail delivered to me is deemed to be intended for me, for my
disposition.
==============================
If you don't like being told you're wrong,
be right!
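
Added example, not part of the original post or of OpenSSH: a Python sketch that reads the "Offending key in FILE:N" line from the warning above and removes only the reinstalled host's stale entries from known_hosts text, covering plain and HashKnownHosts-style hashed names. The function names, the sample known_hosts lines, the address 192.0.2.7 and the key blobs are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

def offending_entry(warning_text):
    """Return (path, line_no) from ssh's 'Offending key in FILE:N' line, else None."""
    m = re.search(r"^Offending (?:\S+ )?key in (.+):(\d+)\s*$", warning_text, re.M)
    return (m.group(1), int(m.group(2))) if m else None

def hash_name(host, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=host))."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def names_host(line, host):
    """True if this known_hosts line holds a key for exactly `host` (no wildcards)."""
    fields = line.split()
    # Skip blanks, comments and @cert-authority/@revoked markers: never prune those.
    if len(fields) < 2 or fields[0][0] in "#@":
        return False
    if fields[0].startswith("|1|"):
        try:
            salt = base64.b64decode(fields[0].split("|")[2])
        except (IndexError, ValueError):
            return False  # malformed hashed field: leave the line alone
        return hash_name(host, salt) == fields[0]
    return host in fields[0].split(",")  # plain entry: comma-separated names

def drop_host(known_hosts_text, host):
    """Return (new_text, removed_line_numbers) with `host`'s entries removed."""
    kept, removed = [], []
    for n, line in enumerate(known_hosts_text.splitlines(), 1):
        if names_host(line, host):
            removed.append(n)
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed

# The warning line is the one quoted in the post; the known_hosts text is constructed.
WARNING = "Offending key in /home/summer/.ssh/known_hosts:2\n"
SAMPLE = "\n".join([
    "dugite ssh-rsa AAAAconstructed1",
    "possum,192.0.2.7 ssh-rsa AAAAconstructed2",
    "# lab hosts",
    hash_name("possum", b"constructed-salt") + " ssh-rsa AAAAconstructed3",
    "@revoked possum ssh-rsa AAAAconstructed4",
]) + "\n"

if __name__ == "__main__":
    print(offending_entry(WARNING))
    print(drop_host(SAMPLE, "possum"))
```

Pruning one host's entries this way leaves checking intact for every other host; the next connection to the reinstalled machine is then treated as a first contact rather than a changed key.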