Disabling host key checking on LAN

Bostjan Skufca bostjan at a2o.si
Thu Aug 27 08:53:00 AEST 2015


Are you connecting by specifying "ssh HOSTNAME" instead of "ssh IP.IP.IP.IP"?

If this is the case, then "Host 192.168.*.*" line never matches when
you think it should.

>From ssh_config manpage:
"The host is the hostname argument given on the command line (i.e. the
name is not converted to a canonicalized host name before matching)."

b.

On 27 August 2015 at 00:21, Walter Carlson <wlcrls47 at gmail.com> wrote:
> If I want to specify for LAN addresses that I don't want to deal with host
> keys, how do I do that?  Understanding the risks, knowing almost everyone
> will say not to do this - it's a horrible idea, but deciding I want to do
> it anyway.  Tired of having to remove entries from known_hosts with the
> multiple VM's I have that often change fingerprints, and am willing to live
> with the risks.
>
> /etc/ssh/ssh_config
> Host 192.168.*.*
>    StrictHostKeyChecking no
>    UserKnownHostsFile /dev/null
>
> or
>    UserKnownHostsFile none
>
> Isn't doing the trick.  With no known_hosts file in ~/.ssh or /etc, I still
> get:
> The authenticity of host '<hostname> (192.168.2.2)' can't be established.
> ECDSA key fingerprint is SHA256:.....
> Are you sure you want to continue connecting (yes/no)?
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


More information about the openssh-unix-dev mailing list