Re: avoiding 'authenticity' prompt

From: Nathan Jackson (c.cured_at_gmail.com)
Date: 11/10/04

    Date: Wed, 10 Nov 2004 17:07:21 +0100
    To: David T-G <davidtg-openssh@justpickone.org>
    
    

    Hi David,

    You can use a mix of the -o parameter in the command line, to use
    options in the format of the ssh_config file, and the setting
    StrictHostKeyChecking. Info in the man page states:

     StrictHostKeyChecking
                 If this flag is set to ``yes'', ssh will never automatically add
                 host keys to the $HOME/.ssh/known_hosts file, and refuses to
                 connect to hosts whose host key has changed. This provides maximum
                 protection against trojan horse attacks, however, can be annoying
                 when the /etc/ssh/ssh_known_hosts file is poorly maintained, or
                 connections to new hosts are frequently made. This option forces
                 the user to manually add all new hosts. If this flag is set to
                 ``no'', ssh will automatically add new host keys to the user
                 known hosts files. If this flag is set to ``ask'', new host keys
                 will be added to the user known host files only after the user
                 has confirmed that is what they really want to do, and ssh will
                 refuse to connect to hosts whose host key has changed. The host
                 keys of known hosts will be verified automatically in all cases.
                 The argument must be ``yes'', ``no'' or ``ask''. The default is
                 ``ask''.

    HTH,

    Nathan

    On Tue, 9 Nov 2004 23:15:19 -0500, David T-G
    <davidtg-openssh@justpickone.org> wrote:
    > Hi, all --
    >
    > We use ssh as part of our batch scripts and occasionally come across a
    > machine we haven't visited before and get hung up.
    >
    > Within this network we can trust and believe all machines, so I would
    > like to set a flag that causes the new host key, whatever it may be, to
    > be added to the known_hosts file and we move on.
    >
    > Can this be accomplished without taking apart the program and modifying
    > the source code?
    >
    > TIA & HAND
    >
    > :-D
    > --
    > David T-G
    > davidtg@justpickone.org
    > http://justpickone.org/davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
    >
    >
    >
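
An added example, not part of the original thread: since the setting can come from a `-o` argument or from ssh_config-format text, this resolves the value of StrictHostKeyChecking that applies to a host (the first value obtained wins) and lists the hosts whose new keys would be added with no confirmation. The function names, sample config and host names are constructed for illustration, and Match blocks are skipped rather than evaluated.

```python
import fnmatch
import re

KEY = "stricthostkeychecking"
DEFAULT = "ask"  # default stated in the man page text quoted in the thread
# "Keyword value" or "Keyword=value", as in ssh_config and in -o arguments
_LINE = re.compile(r"^\s*([A-Za-z]+)\s*(?:=\s*|\s+)(\S.*?)\s*$")

def _parse(line):
    m = _LINE.match(line)
    return (m.group(1).lower(), m.group(2)) if m else None  # comment/blank -> None

def _host_matches(host, patterns):
    # A Host line applies if a pattern matches and no "!"-negated pattern does.
    pos = [p for p in patterns if not p.startswith("!")]
    neg = [p[1:] for p in patterns if p.startswith("!")]
    hit = lambda ps: any(fnmatch.fnmatchcase(host, p) for p in ps)
    return hit(pos) and not hit(neg)

def effective_strict(host, cli_opts=(), config_text=""):
    """Return (value, source); the first value obtained wins."""
    for opt in cli_opts:  # values given with -o are consulted before any file
        kv = _parse(opt)
        if kv and kv[0] == KEY:
            return kv[1].lower(), "command line"
    active = True  # lines before the first Host block apply to every host
    for n, line in enumerate(config_text.splitlines(), 1):
        kv = _parse(line)
        if not kv:
            continue
        if kv[0] == "host":
            active = _host_matches(host, kv[1].split())
        elif kv[0] == "match":
            active = False  # assumption: Match blocks are skipped, not evaluated
        elif active and kv[0] == KEY:
            return kv[1].lower(), f"config line {n}"
    return DEFAULT, "default"

def auto_accepting(hosts, cli_opts=(), config_text=""):
    """Hosts whose new keys would be added without any confirmation."""
    return [h for h in hosts if effective_strict(h, cli_opts, config_text)[0] == "no"]

# Constructed sample config and host names, not taken from the thread.
SAMPLE = """\
# batch hosts
Host build-*.lab.example !build-9.lab.example
    StrictHostKeyChecking no
Host *
    StrictHostKeyChecking = yes
"""
```
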

