hostkey checking
Michal Svec
rebel at atrey.karlin.mff.cuni.cz
Tue Feb 19 19:24:25 EST 2002
Hi!

On Tue, 19 Feb 2002, Frank Cusack wrote:
> On Tue, Feb 19, 2002 at 08:32:34AM +0100, Michal Svec wrote:
> > Is it somehow possible to disable the known_hosts checking for some hosts?
> > The StrictHostKeyChecking affects only the asking about new computers, but
> > doesn't affect the changed ones.
> >
> > I need it for the test computers, which are reinstalled twice/hour and
> > I really don't like editing .ssh/known_hosts each time :-(
>
> Why don't you save the host keys then? Change your reinstall process
> to install the saved host key rather than generate a new one.

Sadly, I'm testing just the standard reinstall process for which I can't
do such changes (I'd use it otherwise).

> But anyway, StrictHostKeyChecking does affect changed host keys. You can
> easily set it to 'no' for only certain hosts. Even with 'no', certain
> types of authentication will not be allowed, that's an easy behaviour
> to change (1 or 2 line patch), but I would recommend you install known
> host keys instead.

I'd just need some DisableHostKeyChecking option so I can disable it
completely for some hosts. I know this would be a security risk doing it
in general, but on a per-host basis it could be acceptable.

Do you have any objections to including such an option in the standard
openssh? I think that having such a possibility is a good thing in closed
(temporary) environments where the security need not be so paranoid.

Regards
Michal
BTW could you please send me that patch?
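
Added example, not part of the original message or of OpenSSH: a Python check that reports where an ssh_config turns off host key verification and whether that relaxation is limited to named hosts, which is the per-host scoping the thread discusses. The parser is simplified (Host blocks only; Match and Include are ignored), and the host names in the sample are constructed placeholders.

```python
import re
import shlex

# Values that turn host key verification off or discard recorded keys.
RISKY = {
    "stricthostkeychecking": {"no", "off"},
    "userknownhostsfile": {"/dev/null"},
}

def scope_of(patterns):
    """Classify a Host pattern list: 'global', 'wildcard' or 'named'."""
    positive = [p for p in patterns if not p.startswith("!")]
    if "*" in positive:
        return "global"
    if any(ch in p for p in positive for ch in "*?"):
        return "wildcard"
    return "named"

def audit(config_text):
    """Return (patterns, keyword, value, scope) for every relaxation found."""
    findings = []
    patterns = ("*",)  # options before the first Host line apply to all hosts
    for raw in config_text.splitlines():
        m = re.match(r"(\w+)\s*[=\s]\s*(.+)$", raw.strip())
        if not m:
            continue  # blank line, comment or bare keyword
        key, values = m.group(1).lower(), shlex.split(m.group(2))
        if key == "host":
            patterns = tuple(values)
        elif key in RISKY and all(v.lower() in RISKY[key] for v in values):
            findings.append((patterns, key, " ".join(values), scope_of(patterns)))
    return findings

# Constructed sample; host names are placeholders.
SAMPLE = """\
Host test-01.lab.example test-02.lab.example
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
Host *.lab.example
    StrictHostKeyChecking=no
Host *
    StrictHostKeyChecking ask
"""

if __name__ == "__main__":
    for pats, key, value, scope in audit(SAMPLE):
        flag = "OK  " if scope == "named" else "WARN"
        print(f"{flag} {key}={value} applies to {' '.join(pats)} ({scope})")
```
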