I need to be able to turn off host checking entirely

John Summerfield summer at os2.ami.com.au
Thu Apr 11 15:49:46 EST 2002


> 
> why don't you unify all your keys over all those disk images?

It's a bad principle. Besides, I also sometimes use that same machine 
to install stuff for others. I can install on that, then take the drive 
to another machine. I'd rather not have two machines with the same key.

> 
> Or switch to rsh.  No reason to be deploying encryption on a closed lan.

ssh does things better than rsh, that's the main reason I use it. I 
don't actually care about the encryption.


> 
> - Ben
> 
> On Thu, 11 Apr 2002, John Summerfield wrote:
> 
> >
> > I have a small LAN. The entire system is within my view - all the
> > hosts, the switch and the wire. If someone is in a position to do a
> > "man in the middle" attack, there's no need - they already have me.
> >
> > Over the other side of the room, and beside my desk, I have test
> > systems. I use disk caddies (see www.vipower.com for examples) and can
> > switch operating systems in about the time it takes to cycle power; I
> > pull one drive out (with power off), push in another and reboot.
> >
> > One of the things the test system's used for is kickstart installing
> > Red Hat Linux, and a test can take less than 20 minutes.
> >
> > Then there's my "production" system for the same box, and Windows
> > NT.....
> >
> > Actually, NT's not involved in the problem.
> >
> >
> > I'm getting thoroughly sick of the checking the ssh command does, and
> > I've turned off as much as I can figure out, but I still get this:
> > [summer at numbat summer]$ ssh possum
> > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> > @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> > Someone could be eavesdropping on you right now (man-in-the-middle
> > attack)!
> > It is also possible that the RSA host key has just been changed.
> > The fingerprint for the RSA key sent by the remote host is
> > 22:dc:6b:57:31:b3:0a:3c:07:7e:8d:60:1a:c0:b7:5f.
> > Please contact your system administrator.
> > Add correct host key in /home/summer/.ssh/known_hosts to get rid of
> > this message.
> > Offending key in /home/summer/.ssh/known_hosts:2
> > Password authentication is disabled to avoid man-in-the-middle attacks.
> > X11 forwarding is disabled to avoid man-in-the-middle attacks.
> > Last login: Thu Apr 11 06:06:30 2002 from numbat.os2.ami.com.au
> > [summer at possum summer]$
> >
> >
> >
> > Now, I suppose I can live with the messages (but I'd rather not). What
> > I really need is to have the connexion to the machine 'just work.'
> >
> > I want X11 forwarding to work.
> > Just like this:
> > [summer at numbat summer]$ ssh dugite
> > Last login: Thu Apr 11 05:04:54 2002 from numbat.os2.ami.com.au
> > [summer at dugite summer]$
> >
> >
> > I appreciate there are several crude hacks I can use. Like supplying
> > the host key when I install on possum, but that seems to me even worse.
> >
> >
> >
> > --
> > Cheers
> > John Summerfield
> >
> > Microsoft's most solid OS: http://www.geocities.com/rcwoolley/
> >
> > Note: mail delivered to me is deemed to be intended for me, for my
> > disposition.
> >
> > ==============================
> > If you don't like being told you're wrong,
> > 	be right!
> >
> >
> >
> > _______________________________________________
> > openssh-unix-dev at mindrot.org mailing list
> > http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> >
> 

-- 
Cheers
John Summerfield

Microsoft's most solid OS: http://www.geocities.com/rcwoolley/

Note: mail delivered to me is deemed to be intended for me, for my 
disposition.

==============================
If you don't like being told you're wrong,
	be right!





