Re: Help needed

From: ross (ross@NOSPAMwearthefoxhat.com)
Date: 11/11/02


    From: "ross" <ross@NOSPAMwearthefoxhat.com>
    Date: Mon, 11 Nov 2002 13:05:06 -0000
    
    

    "Per Hedeland" <per@hedeland.org> wrote in message
    news:aqj3qb$1hoj$1@hedeland.org...
    > In article <3dcbbf2e$1_2@nnrp1.news.uk.psi.net> "ross"
    > <ross@NOSPAMwearthefoxhat.com> writes:
    > >When you SSH to a host and it tells you the authenticity of the host can't
    > >be established, is there a way to continue connecting without receiving the
    > >'yes/no' prompt (this is to be used in an automated system)?
    >
    > Read about StrictHostKeyChecking in the ssh man page, but you should be
    > aware that by setting it to "no", you are ignoring the single major
    > "security hole" in the basic SSH concepts. Read what it says instead,
    > and make sure that the authenticity of the remote host *can* be
    > established.
    >
    > This is done by transferring the public key of the remote host to
    > /etc/ssh/known_hosts or ~user/.ssh/known_hosts on the client - the
    > latter happens automatically if StrictHostKeyChecking is set to "ask"
    > (the default) and you answer "yes" to the question, but depending on the
    > circumstances you may want to use a more secure method, i.e. one that
    > ensures that it is really the intended host's public key that is being
    > transferred. Checking the "fingerprint" displayed against known-good
    > information may be sufficient.
    >
    > Once the remote host's public key is known on the client, you won't get
    > the question anymore.
    >
    > --Per Hedeland
    > per@hedeland.org
    >

    Thanks, security is not actually a problem here as the machines are on an
    isolated LAN in a secure room.

    Ross
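
The fingerprint check against known-good information that Per Hedeland describes, written as an added example that is not part of the original thread: a scanned host key is turned into a known_hosts line only when its fingerprint matches one recorded out-of-band, so an automated client never reaches the yes/no prompt and never trusts an unverified key. It uses the SHA256 fingerprint format current OpenSSH prints; the host name `buildhost.example`, the function names and both keys are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def fingerprint(key_b64):
    """SHA256 fingerprint in the form current OpenSSH prints (unpadded base64)."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def blob_key_type(key_b64):
    """Algorithm name stored at the start of the key blob (uint32 length + name)."""
    blob = base64.b64decode(key_b64, validate=True)
    (n,) = struct.unpack(">I", blob[:4])
    return blob[4:4 + n].decode("ascii")


def pin_host_key(scan_line, pinned):
    """Return a known_hosts line only if the scanned key matches the pinned fingerprint."""
    host, key_type, key_b64 = scan_line.split()[:3]
    if blob_key_type(key_b64) != key_type:
        raise ValueError(f"{host}: key blob does not match declared type {key_type}")
    if host not in pinned:
        raise ValueError(f"{host}: no known-good fingerprint on record")
    if not hmac.compare_digest(fingerprint(key_b64), pinned[host]):
        raise ValueError(f"{host}: fingerprint mismatch, key not trusted")
    return f"{host} {key_type} {key_b64}"


def constructed_key(seed):
    """Constructed sample data: an ssh-ed25519 blob with a made-up 32-byte key."""
    name, raw = b"ssh-ed25519", bytes((seed + i) % 256 for i in range(32))
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(blob).decode()


GOOD_KEY = constructed_key(1)    # key the real host holds (constructed)
OTHER_KEY = constructed_key(2)   # a different key answering on the same name (constructed)
# In practice the pin is read out-of-band, e.g. on the host's own console.
PINNED = {"buildhost.example": fingerprint(GOOD_KEY)}

if __name__ == "__main__":
    for key in (GOOD_KEY, OTHER_KEY):
        try:
            print("add:", pin_host_key(f"buildhost.example ssh-ed25519 {key}", PINNED))
        except ValueError as err:
            print("skip:", err)
```

Lines returned by `pin_host_key` can be appended to the client's known_hosts file, after which ssh can run with StrictHostKeyChecking left enabled.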


