Flag to turn off host-key check
Matt Anderson
mra at malloc.org
Wed Jun 25 02:21:17 EST 2008
Daniel Kahn Gillmor wrote:
> Even better would be to enclose those directives underneath a Host
> statement that limits these options to the hosts which you expect to
> behave in this suboptimal way. e.g.:
>
> Host *.lab.example.org
> UserKnownHostsFile /dev/null
> StrictHostKeyChecking no
>
> That way you don't lose the host key checking protection for any other
> hosts.
Right, this setup looks ideal for my issue.
> Alternately, you could find ways to prevent the host keys on these
> machines from changing -- why are they changing like this?
In my case at least the OS is blown away and reinstalled fairly often.
I guess the keys could be saved off on another host and then copied back
each time, but those config file changes above would really simplify
things for the couple persistent systems that connect in.
-matt
More information about the openssh-unix-dev
mailing list