hostkey checking
Frank Cusack
fcusack at fcusack.com
Tue Feb 19 19:57:23 EST 2002
On Tue, Feb 19, 2002 at 09:24:25AM +0100, Michal Svec wrote:
> On Tue, 19 Feb 2002, Frank Cusack wrote:
> > On Tue, Feb 19, 2002 at 08:32:34AM +0100, Michal Svec wrote:
> > > Is it somehow possible to disable the known_hosts checking for some hosts?
> > > The StrictHostKeyChecking affects only the asking about new computers, but
> > > doesn't affect the changed ones.
> > >
> > > I need it for the test computers, which are reinstalled twice/hour and
> > > I really don't like editing .ssh/known_hosts each time :-(
Automate; that is what computers are best at. :-)
> I'd just need some DisableHostKeyChecking option so I can disable it
> completely for some hosts. I know this would be a security risk doing it
> in general, but on a per-host basis it could be acceptable.
>
> Do you have any objections including such an option in the standard
> openssh? I think that having such possibility is a good thing in closed
> (temporary) environments where the security needs not to be so paranoid.
I'm not one of the openssh developers, but I think I can safely
say there's no way such an option is going to make it into openssh.
You're probably going to get a lot of flames just for suggesting it. :-)
> BTW could you please send me that patch?
There are other easy ways to do this. eg, use a quick one-line perl script
to wipe the hostkeys out of .ssh/known_hosts:
perl -i -ne 'print unless /^test/' $HOME/.ssh/known_hosts
or do something like
alias testssh "ssh -o UserKnownHostsFiles=/dev/null"
or any number of things along those lines.
/fc
More information about the openssh-unix-dev
mailing list