Disabling host key checking on LAN
Bostjan Skufca
bostjan at a2o.si
Sat Aug 29 00:37:19 AEST 2015
On 28 August 2015 at 15:10, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
>
> In environments where critical server hostnames and IP addresses are
> not tied to consistent SSH keys, I'm afraid there is little choice but
> to discard the use of known_hosts.
>
Shouldn't in such complex environments configuration management
pre-generate known_hosts from collected facts from hosts?
I know it is a hassle, but having a fuse that ensures that you are indeed
connecting to what you think you are connecting to is something worth
having, or not?
b.
More information about the openssh-unix-dev
mailing list