Flag to turn off host-key check
Matt Anderson
mra at malloc.org
Sat Jun 21 05:10:32 EST 2008
Tobias Karlsson wrote:
> Let me start by saying that I think OpenSSH is a great tool and thanks to everyone contributing to its existence.
Agreed!
> However, I have a request:
>
> I'd like to have a flag that ignores the check of the host key. I'm fully aware that this opens up for man-in-the-middle attacks and that there is a risk of lazy users misusing this feature, but it would be very useful for us using SSH in a lab environment where the host key of the equipment frequently changes.
I've often thought about this too, however I can't bring myself to
skipping hostkey checks altogether, that's just crazy talk. One thing
I thought might be reasonable was a .ssh/unknown_hosts file where you
could list hostnames or IPs or maybe even IP ranges that would not be
strictly enforced. Maybe it would still cache the key and let you know
it's changed (useful for when someone reinstalls your lab system without
telling you.) Of course, I haven't started working on this patch, so...
-matt
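
The policy proposed in the message above, sketched as an added example (not code from the original post and not OpenSSH behaviour). The unknown_hosts file format, the function names and the fingerprint strings are assumptions made for illustration: hosts listed in the file get their key cached without a prompt and produce a warning on change, while every other host keeps strict checking.

```python
import fnmatch
import ipaddress

# Constructed sample of the hypothetical ~/.ssh/unknown_hosts file (assumed
# format): one hostname glob, IP address or CIDR range per line, '#' comments.
SAMPLE_UNKNOWN_HOSTS = """\
# lab equipment that gets reinstalled often
10.20.0.0/16
192.0.2.15
*.lab.example.com
"""

def parse_unknown_hosts(text):
    """Return (networks, hostname_globs) parsed from the file contents."""
    networks, globs = [], []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            globs.append(entry.lower())  # not an address or range: a name glob
    return networks, globs

def is_relaxed(host, networks, globs):
    """True if host (name or IP literal) is listed as not strictly enforced."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return any(fnmatch.fnmatchcase(host.lower(), g) for g in globs)
    return any(addr in net for net in networks)

def check_host_key(host, presented_fp, cache, networks, globs):
    """Decide what to do with the key fingerprint a server presents.

    cache maps host -> last seen fingerprint and is updated in place.
    Returns 'match', 'new-cached', 'new-ask', 'changed-warn' or 'changed-reject'.
    """
    known = cache.get(host)
    if known == presented_fp:
        return "match"
    if not is_relaxed(host, networks, globs):
        # unlisted hosts keep strict checking: ask on first use, refuse on change
        return "new-ask" if known is None else "changed-reject"
    cache[host] = presented_fp  # listed lab host: remember the key either way
    return "new-cached" if known is None else "changed-warn"
```

A 'changed-warn' result still connects, so the listed ranges should cover only equipment where a swapped key is expected and nothing sensitive is sent.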