FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Linux

 
 
LinkBack Thread Tools
 
Old 08-27-2010, 11:54 PM
Stephen Gilbert
 
Default completely suppress remote host identification checking for trusted local servers

Rahul Nabar wrote:
> Whenever I re-install a server ssh issues a warning:
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that the RSA host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is
> f1:7c:70:31:8f:2a:da:eb:21:37:e9:1a:6c:3d:d4:7a.
> Please contact your system administrator.
> Add correct host key in /home/foo/.ssh/known_hosts to get rid of this message.
> Offending key in /home/foo/.ssh/known_hosts:218
> Password authentication is disabled to avoid man-in-the-middle attacks.
> Keyboard-interactive authentication is disabled to avoid
> man-in-the-middle attacks.
>
> But these are local compute-nodes in a cluster so that warning is
> quite superfluous. In order to suppress this ssh warning I trick ssh
> by this hack:
>
> cat ~foo/.ssh/config
> host local_server_name*
> StrictHostKeyChecking no
> UserKnownHostsFile=/dev/null
>
> But I still get ssh going through the unnecessary step where it still
> adds to the non-exisitant known_hosts file.
>
> Warning: Permanently added 'eu003,10.0.0.3' (RSA) to the list of known hosts.
> Warning: Permanently added 'eu004,10.0.0.4' (RSA) to the list of known hosts.
> [snip]
>
> This does add an overhead at startup of jobs that ssh to multiple
> servers. Is there a better way out to completely suppress remote host
> identification checks?
>
>

Edit your ~/.ssh/known_hosts file, and remove line 218

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 

Thread Tools




All times are GMT. The time now is 04:21 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org