Flag to turn off host-key check

Matt Anderson mra at malloc.org
Wed Jun 25 02:21:17 EST 2008


Daniel Kahn Gillmor wrote:
> Even better would be to enclose those directives underneath a Host
> statement that limits these options to the hosts which you expect to
> behave in this suboptimal way.  e.g.:
> 
> Host *.lab.example.org
>  UserKnownHostsFile /dev/null
>  StrictHostKeyChecking no
> 
> That way you don't lose the host key checking protection for any other
> hosts.

Right, this setup looks ideal for my issue.

> Alternately, you could find ways to prevent the host keys on these
> machines from changing -- why are they changing like this?

In my case at least the OS is blown away and reinstalled fairly often. 
I guess the keys could be saved off on another host and then copied back 
each time, but those config file changes above would really simplify 
things for the couple persistent systems that connect in.

-matt


More information about the openssh-unix-dev mailing list