Re: Help needed
From: Per Hedeland (per@hedeland.org)
Date: 11/09/02
From: per@hedeland.org (Per Hedeland) Date: Sat, 9 Nov 2002 13:50:03 +0000 (UTC)
In article <3dcbbf2e$1_2@nnrp1.news.uk.psi.net> "ross"
<ross@NOSPAMwearthefoxhat.com> writes:
>When you SSH to a host and it tells you the authenticity of the host can't
>be established, is there a way to continue connecting without receiving the
>'yes/no' prompt (this is to be used in an automated system)?
Read about StrictHostKeyChecking in the ssh man page, but you should be
aware that by setting it to "no", you are ignoring the single major
"security hole" in the basic SSH concepts. Read what it says instead,
and make sure that the authenticity of the remote host *can* be
established.

This is done by transferring the public key of the remote host to
/etc/ssh/known_hosts or ~user/.ssh/known_hosts on the client - the
latter happens automatically if StrictHostKeyChecking is set to "ask"
(the default) and you answer "yes" to the question, but depending on the
circumstances you may want to use a more secure method, i.e. one that
ensures that it is really the intended host's public key that is being
transferred. Checking the "fingerprint" displayed against known-good
information may be sufficient.

Once the remote host's public key is known on the client, you won't get
the question anymore.
--Per Hedeland
per@hedeland.org
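
The fingerprint check described in the reply above, as an added example that is not part of the original post: an automated client accepts an offered host key into its known_hosts list only if the key's fingerprint matches one obtained out of band. The host name, key bytes and function names are constructed for illustration; the `SHA256:` and `MD5:` forms are the ones `ssh-keygen -l` prints (the latter with `-E md5`).

```python
import base64, hashlib, struct

def parse_host_key(line):
    """Split a 'host keytype base64blob' line (ssh-keyscan / known_hosts form)."""
    host, keytype, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    # The blob begins with a length-prefixed copy of the key type; it must agree
    # with the type named in the text field.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != keytype.encode("ascii"):
        raise ValueError("key type does not match key blob")
    return host, keytype, blob

def fingerprints(blob):
    """Fingerprints of a public key blob in the two styles OpenSSH displays."""
    sha = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    md5 = hashlib.md5(blob).hexdigest()
    return {"sha256": "SHA256:" + sha,
            "md5": "MD5:" + ":".join(md5[i:i + 2] for i in range(0, 32, 2))}

def accept_host_key(offered_line, known_good_fp, known_hosts_lines):
    """Append the offered key to known_hosts_lines only if its fingerprint
    equals the known-good value; otherwise raise and change nothing."""
    host, keytype, blob = parse_host_key(offered_line)
    if known_good_fp not in fingerprints(blob).values():
        raise ValueError("fingerprint mismatch for %s: key not trusted" % host)
    entry = "%s %s %s" % (host, keytype, base64.b64encode(blob).decode())
    if entry not in known_hosts_lines:
        known_hosts_lines.append(entry)
    return entry

def _ssh_string(b):
    return struct.pack(">I", len(b)) + b

# Constructed sample: a syntactically valid ed25519 blob with dummy key bytes.
SAMPLE_BLOB = _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(range(32)))
SAMPLE_LINE = "build01.example.net ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()

if __name__ == "__main__":
    good = fingerprints(SAMPLE_BLOB)["sha256"]   # stands in for the out-of-band value
    hosts = []
    print(accept_host_key(SAMPLE_LINE, good, hosts))
    try:
        accept_host_key(SAMPLE_LINE, "SHA256:" + "A" * 43, hosts)
    except ValueError as e:
        print("rejected:", e)
```

With the verified entry in known_hosts, StrictHostKeyChecking can stay enabled and the automated connection proceeds without a prompt.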