Disabling host key checking on LAN

Nico Kadel-Garcia nkadel at gmail.com
Mon Aug 31 02:53:57 AEST 2015


On Sun, Aug 30, 2015 at 6:57 AM, Bostjan Skufca <bostjan at a2o.si> wrote:
> Nico,
>
> those were my thoughts, exactly, except that I was thinking about using "dig
> +short HOST | ..." which has the cleanest output of all.

Excellent point. I like it! It can get a bit confusing with
round-robin DNS, which can give multiple responses.

> But there is that initial "if" in your email, which prevented me from
> sending email in the first place. Using ping seems the most portable way,
> albeit not very elegant.

And it does help deal with the round-robin, or /etc/hosts published
hostnames in a way that "dig" does not.

> On 29 August 2015 at 12:25, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
>>
>> On Fri, Aug 28, 2015 at 11:51 PM, Walter Carlson <wlcrls47 at gmail.com>
>> wrote:
>> > On Thu, Aug 27, 2015 at 12:26 AM, Walter Carlson <wlcrls47 at gmail.com>
>> > wrote:
>> >
>> >> Perfect, thanks.  This winds up working for me (as far as I've tested
>> >> so far.)
>> >>
>> >> Match exec "ping -q -c 1 -t 1 %n | grep '192\.168\.'"
>> >>    StrictHostKeyChecking no
>> >>    UserKnownHostsFile none
>> >>
>> >
>> > For the record, the last line has to be "UserKnownHostsFile /dev/null".
>> > I saw "none" being used in others' openssh examples, but for me, that's
>> > using the file ~/none rather than being interpreted as "don't use one".
>>
>> If you've installed the relevant "bind-utils" or similar DNS package,
>> can't you just use "host %n | grep ' 192\.168\.'"? It's faster than
>> running ping, especially for non-responsive hosts.
>
>
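
The following helper is an added example, not code from this thread or from OpenSSH. It shows one way to make the "Match exec" test cover the round-robin DNS and /etc/hosts cases discussed above, by requiring every resolved address to be in 192.168.0.0/16. The script name "ssh-is-lan", its install path and the use of glibc's "getent ahostsv4" are assumptions.

```shell
#!/bin/sh
# Added example: hypothetical helper "ssh-is-lan" for use with Match exec.
# ~/.ssh/config (the path to the helper is an assumption):
#   Match exec "/usr/local/bin/ssh-is-lan %n"
#       StrictHostKeyChecking no
#       UserKnownHostsFile /dev/null

# all_lan: read one IPv4 address per line on stdin. Succeed only if at least
# one address was read and every address is inside 192.168.0.0/16.
all_lan() {
    count=0
    while IFS= read -r addr; do
        [ -n "$addr" ] || continue
        count=$((count + 1))
        # -x anchors the whole line, so 10.192.168.1 does not match.
        printf '%s\n' "$addr" |
            grep -Eqx '192\.168\.[0-9]{1,3}\.[0-9]{1,3}' || return 1
    done
    [ "$count" -gt 0 ]
}

# resolve_v4: print every IPv4 address the system resolver returns for $1.
# Assumes glibc's getent; it consults /etc/hosts and DNS per nsswitch.conf,
# and lists all addresses of a round-robin name.
resolve_v4() {
    getent ahostsv4 "$1" | awk '{ print $1 }' | sort -u
}

# is_lan_host: exit status 0 only when every resolved address is on the LAN.
is_lan_host() {
    resolve_v4 "$1" | all_lan
}

# Run as a script when given a hostname; do nothing when sourced without one.
[ $# -eq 0 ] || is_lan_host "$1"
```

A name that fails to resolve, or that resolves to a mix of LAN and non-LAN addresses, leaves host key checking enabled.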


More information about the openssh-unix-dev mailing list