Old 08-28-2010, 06:34 AM
Ben
 
completely suppress remote host identification checking for trusted local servers

On Fri, 27 Aug 2010, Rahul Nabar wrote:


Whenever I re-install a server ssh issues a warning:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
f1:7c:70:31:8f:2a:da:eb:21:37:e9:1a:6c:3d:d4:7a.
Please contact your system administrator.
Add correct host key in /home/foo/.ssh/known_hosts to get rid of this message.
Offending key in /home/foo/.ssh/known_hosts:218
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.

But these are local compute-nodes in a cluster so that warning is
quite superfluous. In order to suppress this ssh warning I trick ssh
by this hack:

cat ~foo/.ssh/config
host local_server_name*
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null

But I still get ssh going through the unnecessary step where it still
adds to the non-existent known_hosts file.

Warning: Permanently added 'eu003,10.0.0.3' (RSA) to the list of known hosts.
Warning: Permanently added 'eu004,10.0.0.4' (RSA) to the list of known hosts.
[snip]

This does add an overhead at startup of jobs that ssh to multiple
servers. Is there a better way out to completely suppress remote host
identification checks?


Yes. Once you've built a server, zip up the files /etc/ssh/ssh_host_* and
copy them off to your build server with the name of the server as the zip's
file name. When you rebuild, make part of the post install process copying
the zip back and unzipping it in the freshly created /etc/ssh/. That way
that server will always have the same host keys.


Ben
--
Unix Support, MISD, University of Cambridge, England
Plugger of wire, typer of keyboard, imparter of Clue
Life Is Short. It's All Good.
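
The save-and-restore procedure from the reply above, as an added example that is not part of the original post. It uses tar in place of zip, and `SSH_DIR`, `STORE` and both function names are assumptions of this example; the post names only /etc/ssh/ssh_host_*.

```bash
#!/bin/bash
# Added example: keep a node's SSH host keys across re-installs.
# SSH_DIR and STORE are assumptions; override them from the environment.
SSH_DIR="${SSH_DIR:-/etc/ssh}"
STORE="${STORE:-/srv/hostkeys}"   # hypothetical directory on the build server

# save_host_keys NODE: archive $SSH_DIR/ssh_host_* as $STORE/NODE.tar
save_host_keys() {
    local node="$1"
    (
        umask 077                    # the archive contains private keys
        mkdir -p "$STORE" || exit 1
        cd "$SSH_DIR" || exit 1
        set -- ssh_host_*
        [ -e "$1" ] || { echo "no host keys in $SSH_DIR" >&2; exit 1; }
        tar -cf "$STORE/$node.tar" "$@"
    )
}

# restore_host_keys NODE: unpack the saved keys into $SSH_DIR after a rebuild
restore_host_keys() {
    local node="$1" archive="$STORE/$1.tar" f
    [ -f "$archive" ] || { echo "no saved keys for $node" >&2; return 1; }
    # Refuse archives holding anything other than plain ssh_host_* members,
    # so a tampered archive cannot write elsewhere under $SSH_DIR.
    if tar -tf "$archive" | grep -qv '^ssh_host_[A-Za-z0-9_.]*$'; then
        echo "unexpected member in $archive" >&2
        return 1
    fi
    tar -xf "$archive" -C "$SSH_DIR" || return 1
    # Re-apply modes: public keys world-readable, private keys owner-only
    for f in "$SSH_DIR"/ssh_host_*; do
        case "$f" in
            *.pub) chmod 644 "$f" ;;
            *)     chmod 600 "$f" ;;
        esac
    done
}
```

Call `save_host_keys` once after the first build and `restore_host_keys` from the post-install step before sshd starts, so clients keep seeing the fingerprint already recorded in their known_hosts.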
