Disabling host key checking on LAN
Damien Miller
djm at mindrot.org
Thu Aug 27 13:01:25 AEST 2015
On Thu, 27 Aug 2015, Bostjan Skufca wrote:
> Are you connecting by specifying "ssh HOSTNAME" instead of "ssh IP.IP.IP.IP"?
>
> If this is the case, then "Host 192.168.*.*" line never matches when
> you think it should.
>
> From ssh_config manpage:
> "The host is the hostname argument given on the command line (i.e. the
> name is not converted to a canonicalized host name before matching)."
Yeah, it's unfortunately quite difficult to implement address matching
in ~/.ssh/config because of the interplay of Host matching, Hostname
directives, hostname canonicalisation*, proxy commands, hosts having
multiple addresses, IPv4/IPv6 and when the addresses are actually
resolved and available to the parser.
I've not figured out a clean way to do it that isn't also complex and
probably fragile to implement.
-d
* that was my contribution to the problem :/
More information about the openssh-unix-dev
mailing list