So you want to break off the connection if it isn't in the .ssh/known_host file.
Currently there is no way to do that, but with a little adaptation it is possible.

Attached is a small patch to look for an env var SSH_ASKHOSTKEY.
If it is set to "y" or "n", it will use that as the answer instead of
asking on the tty.

There are multiple ways of doing this...this is just one.

Hans

On Fri, Feb 10, 2023 at 12:24 PM Walter Harms <wha...@bfs.de> wrote:
>
> would it be possible to add an option to add a non-interactive mode?
> Getting yes/no questions (or else) in a script is clearly not helpful.
>
> re,
>  wh
>
>
> ________________________________________
> From: Dropbear <dropbear-boun...@ucc.asn.au> on behalf of Matt Johnston 
> <m...@ucc.asn.au>
> Sent: Monday, 21 November 2022 16:20:25
> To: M Rubon
> Cc: dropbear@ucc.asn.au
> Subject: Re: Only do connection if I already know the destination?
>
> On 2022-11-21 11:05 pm, M Rubon wrote:
> > I have an automated remote script that connects to a set of known
> > servers.  I never want to be prompted to add a new host key if the server
> > is missing from .ssh/known_hosts.   If the key is missing, the client
> > should just immediately exit.
> >
> > Dropbear seems to give me the option of relaxing the host key checks
> > (-y -y).  Is there an option to make them more strict?
>
> I don't think there's any way to do that at the moment.
>
> Cheers,
> Matt
>
> >
> > M
> >
> > p.s. OpenSSH client option "StrictHostKeyChecking yes" is basically
> > what I am looking for.
210d209
<       char *askhostkey = NULL;
221,228d219
< 
<       askhostkey = getenv("SSH_ASKHOSTKEY");
<       if (askhostkey && strchr("yn",*askhostkey)!=NULL) {
<               m_free(fp);
<               if (*askhostkey == 'y') {
<                       return;
<               }
<       } else {
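Review bot: In the test `if (askhostkey && strchr("yn",*askhostkey)!=NULL)`, strchr also matches the string terminator, so an empty `SSH_ASKHOSTKEY=` passes the check and skips the prompt, and because only the first character is inspected, any value that begins with `y` accepts the unknown host key. Compare the whole value instead, for example `strcmp(askhostkey, "y") == 0` and `strcmp(askhostkey, "n") == 0`, and fall back to the tty prompt for anything else. A short comment above the `getenv` call stating that "y" accepts a host key that is not in known_hosts would also help, since the variable is inherited by every child process of the script that sets it.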
246d237
<               }
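Review bot: The closing brace at `246d237`, like every other line of this patch, is marked `<` under a `d` command, so the diff was taken with the patched file first and reads as a removal of the feature; it also carries no file name or context lines. Regenerating it as a unified diff from the original file to the patched file (`diff -u`) would let it apply with `patch` without `-R` and make the surrounding function visible. The existing lines between 229 and 245 now sit inside the new `else` block but are not touched by the patch, so they keep their old indentation.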
