I need to be able to turn off host checking entirely

Ben Lindstrom mouring at etoh.eviladmin.org
Thu Apr 11 10:57:59 EST 2002


Why don't you unify all your keys over all those disk images?

Or switch to rsh.  No reason to be deploying encryption on a closed lan.

- Ben

On Thu, 11 Apr 2002, John Summerfield wrote:

>
> I have a small LAN. The entire system is within my view - all the
> hosts, the switch and the wire. If someone is in a position to do a
> "man in the middle" attack, there's no need - they already have me.
>
> Over the other side of the room, and beside my desk, I have test
> systems. I use disk caddies (see www.vipower.com for examples) and can
> switch operating systems in about the time it takes to cycle power; I
> pull one drive out (with power off), push in another and reboot.
>
> One of the things the test system's used for is kickstart installing
> Red Hat Linux, and a test can take less than 20 minutes.
>
> Then there's my "production" system for the same box, and Windows
> NT.....
>
> Actually, NT's not involved in the problem.
>
>
> I'm getting thoroughly sick of the checking the ssh command does, and
> I've turned off as much as I can figure out, but I still get this:
> [summer at numbat summer]$ ssh possum
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle
> attack)!
> It is also possible that the RSA host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is
> 22:dc:6b:57:31:b3:0a:3c:07:7e:8d:60:1a:c0:b7:5f.
> Please contact your system administrator.
> Add correct host key in /home/summer/.ssh/known_hosts to get rid of
> this message.
> Offending key in /home/summer/.ssh/known_hosts:2
> Password authentication is disabled to avoid man-in-the-middle attacks.
> X11 forwarding is disabled to avoid man-in-the-middle attacks.
> Last login: Thu Apr 11 06:06:30 2002 from numbat.os2.ami.com.au
> [summer at possum summer]$
>
>
>
> Now, I suppose I can live with the messages (but I'd rather not). What
> I really need is to have the connexion to the machine to 'just work.'
>
> I want X11 forwarding to work.
> Just like this:
> [summer at numbat summer]$ ssh dugite
> Last login: Thu Apr 11 05:04:54 2002 from numbat.os2.ami.com.au
> [summer at dugite summer]$
>
>
> I appreciate there are several crude hacks I can use. Like supplying
> the host key when I install on possum, but that seems to me even worse.
>
>
>
> --
> Cheers
> John Summerfield
>
> Microsoft's most solid OS: http://www.geocities.com/rcwoolley/
>
> Note: mail delivered to me is deemed to be intended for me, for my
> disposition.
>
> ==============================
> If you don't like being told you're wrong,
> 	be right!



