I need to be able to turn off host checking entirely

Jim Knoble jmknoble at pobox.com
Thu Apr 11 17:09:10 EST 2002


Circa 2002-Apr-11 13:49:46 +0800 dixit John Summerfield:

: > why don't you unify all your keys over all those disk images?
: 
: It's a bad principle.

No it isn't.  If all the disk images are used on a machine that's
assigned the same IP address, they ought to have the same host key.

: Besides, I also sometimes use that same machine to install stuff for
: others. I can install on that, then take the drive to another
: machine. I'd rather not have two machines with the same key.

You mean you reinstall the OS?  Or do you mean something else by
'install'?  If all you're doing is installing a software package, why
don't you use the network to transfer the files to the other machine?
That's kind of the idea behind a network....

If you don't want to unify host keys over all the OS's, consider one of
the following:

  (a) Assign different IP addresses (and hence also different
      hostnames) to different disk images.  Then everything else will
      magically work.  Of course, you have to remember which hostname
      corresponds to which disk image.
      
  (b) Use ssh's HostKeyAlias option to assign different "hostnames" to
      the keys for each disk image.  For example, in ~/.ssh/config:

        Host image1.hostname.example.org
          HostName hostname.example.org
          HostKeyAlias image1.hostname.example.org
          ...

      You still have to remember which name to use for which disk
      image.

Using the same host key on all the images for the same machine is the
simplest and easiest method.  It's what i do on a multiboot system i
use at work (with admittedly not-so-easily-removable disks), and it's
quite painless....

-- 
jim knoble | jmknoble at pobox.com   | http://www.pobox.com/~jmknoble/
(GnuPG fingerprint: 31C4:8AAC:F24E:A70C:4000::BBF4:289F:EAA8:1381:1491)
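
The HostKeyAlias approach in option (b) above, as an added example that is not part of the original post or of OpenSSH: a simplified Python model of which known_hosts name ssh checks the offered key against. The second alias (image2), the key placeholders and all function names are assumptions made for illustration.

```python
# Simplified model of how HostKeyAlias changes the name that a host key is
# looked up under in known_hosts. Keys are constructed placeholders.

def parse_config(text):
    """Parse Host/HostName/HostKeyAlias stanzas (exact-match Host only)."""
    hosts, current = {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) < 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            current = hosts.setdefault(value, {})
        elif current is not None:
            current.setdefault(key, value)  # first value wins, as in ssh_config
    return hosts

def lookup_name(hosts, target):
    """Return (address to connect to, name used for the known_hosts lookup)."""
    opts = hosts.get(target, {})
    real = opts.get("hostname", target)
    return real, opts.get("hostkeyalias", real)

def check_host_key(known_hosts, name, offered_key):
    """Return 'match', 'mismatch' (key changed) or 'unknown' (first contact)."""
    keys = [k for n, k in known_hosts if n == name]
    if not keys:
        return "unknown"
    return "match" if offered_key in keys else "mismatch"

CONFIG = """
Host image1.hostname.example.org
  HostName hostname.example.org
  HostKeyAlias image1.hostname.example.org
Host image2.hostname.example.org
  HostName hostname.example.org
  HostKeyAlias image2.hostname.example.org
"""
# Constructed known_hosts entries: (name, key placeholder).
KNOWN_HOSTS = [
    ("image1.hostname.example.org", "KEY-OF-IMAGE-1"),
    ("image2.hostname.example.org", "KEY-OF-IMAGE-2"),
    ("hostname.example.org", "KEY-OF-IMAGE-1"),  # learned without an alias
]

def verify(target, offered_key):
    """Check the key offered by the booted image under the name ssh would use."""
    _, name = lookup_name(parse_config(CONFIG), target)
    return check_host_key(KNOWN_HOSTS, name, offered_key)
```

Each image is still verified against its own stored key, so connecting under the wrong alias, or under the bare hostname while a different image is booted, is reported as a changed key rather than silently accepted.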