Re: avoiding 'authenticity' prompt
From: Nathan Jackson (c.cured_at_gmail.com)
Date: Wed, 10 Nov 2004 17:07:21 +0100 To: David T-G <firstname.lastname@example.org>
You can use a mix of the -o parameter in the command line to use
options in the format of the ssh_config file and the setting
StrictHostKeyChecking, info in the man page states:
If this flag is set to ``yes'', ssh will never automatically add
host keys to the $HOME/.ssh/known_hosts file, and refuses to con-
nect to hosts whose host key has changed. This provides maximum
protection against trojan horse attacks, however, can be annoying
when the /etc/ssh/ssh_known_hosts file is poorly maintained, or
connections to new hosts are frequently made. This option forces
the user to manually add all new hosts. If this flag is set to
``no'', ssh will automatically add new host keys to the user
known hosts files. If this flag is set to ``ask'', new host keys
will be added to the user known host files only after the user
has confirmed that is what they really want to do, and ssh will
refuse to connect to hosts whose host key has changed. The host
keys of known hosts will be verified automatically in all cases.
The argument must be ``yes'', ``no'' or ``ask''. The default is
On Tue, 9 Nov 2004 23:15:19 -0500, David T-G
> Hi, all --
> We use ssh as part of our batch scripts and occasionally come across a
> machine we haven't visited before and get hung up.
> Within this network we can trust and believe all machines, so I would
> like to set a flag that causes the new host key, whatever it may be, to
> be added to the known_hosts file and we move on.
> Can this be accomplished without taking apart the program and modifying
> the source code?
> TIA & HAND
> David T-G
> http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!