Disabling host key checking on LAN

Damien Miller djm at mindrot.org
Thu Aug 27 13:01:25 AEST 2015


On Thu, 27 Aug 2015, Bostjan Skufca wrote:

> Are you connecting by specifying "ssh HOSTNAME" instead of "ssh IP.IP.IP.IP"?
> 
> If this is the case, then "Host 192.168.*.*" line never matches when
> you think it should.
> 
> From ssh_config manpage:
> "The host is the hostname argument given on the command line (i.e. the
> name is not converted to a canonicalized host name before matching)."

Yeah, it's unfortunately quite difficult to implement address matching
in ~/.ssh/config because of the interplay of Host matching, Hostname
directives, hostname canonicalisation*, proxy commands, hosts having
multiple addresses, IPv4/IPv6 and when the addresses are actually
resolved and available to the parser.

I've not figured out a clean way to do it that isn't also complex and
probably fragile to implement.

-d

* that was my contribution to the problem :/


More information about the openssh-unix-dev mailing list