Flag to turn off host-key check

Matt Anderson mra at malloc.org
Sat Jun 21 05:10:32 EST 2008


Tobias Karlsson wrote:
> Let me start by saying that I think OpenSSH is a great tool and thanks to everyone contributing to its existence.

Agreed!

> However, I have a request:
> 
> I'd like to have a flag that ignores the check of the host key. I'm fully aware that this opens up for man-in-the-middle attacks and that there is a risk of lazy users misusing this feature, but it would be very useful for us using SSH in a lab environment where the host key of the equipment frequently changes.

I've often thought about this too, however I can't bring myself to
skipping hostkey checks altogether, that's just crazy talk.  One thing
I thought might be reasonable was a .ssh/unknown_hosts file where you
could list hostnames or IPs or maybe even IP ranges that would not be
strictly enforced.  Maybe it would still cache the key and let you know
it's changed (useful for when someone reinstalls your lab system without
telling you.)  Of course, I haven't started working on this patch, so...

-matt
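
The policy sketched in the message above, modelled as an added example; it is not OpenSSH code and not a patch from either poster. The message does not define a format for `.ssh/unknown_hosts`, so the entry syntax (hostname globs, single IPs, CIDR ranges), the function names and the sample hosts and fingerprints are all assumptions made for illustration.

```python
import fnmatch
import ipaddress

# Constructed sample entries for the hypothetical relaxed list.
SAMPLE_RELAXED = ["10.0.5.0/24", "lab-*.example.test"]

def is_relaxed(host, relaxed_entries):
    """True if host matches a hostname glob, an IP or a CIDR range in the list."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None  # not an IP literal, treat as a hostname
    for entry in relaxed_entries:
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            net = None  # entry is a hostname pattern, not an IP or range
        if net is not None:
            if addr is not None and addr in net:
                return True
        elif addr is None and fnmatch.fnmatch(host.lower(), entry.lower()):
            return True
    return False

def check_host_key(host, presented_fp, cache, relaxed_entries):
    """Return (decision, message); cache maps host -> last seen fingerprint."""
    known = cache.get(host)
    if known == presented_fp:
        return ("accept", "host key matches cached key")
    if not is_relaxed(host, relaxed_entries):
        # Strict hosts keep the normal behaviour: never accept silently.
        if known is None:
            return ("ask", "unknown host: confirm the fingerprint out of band")
        return ("reject", "host key changed for a strictly checked host")
    # Relaxed hosts: still cache the key, and still report a change.
    cache[host] = presented_fp
    if known is None:
        return ("accept", "relaxed host: key cached on first use")
    return ("accept-warn",
            "relaxed host: key changed from %s to %s" % (known, presented_fp))

if __name__ == "__main__":
    cache = {}
    for fp in ("SHA256:constructed-A", "SHA256:constructed-B"):
        print(check_host_key("10.0.5.7", fp, cache, SAMPLE_RELAXED))
    print(check_host_key("prod.example.test", "SHA256:constructed-C",
                         cache, SAMPLE_RELAXED))
```
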


More information about the openssh-unix-dev mailing list