Re: Only do connection if I already know the destination?

2023-02-15 Thread Hans Harder
So you want to break off the connection if it isn't in the .ssh/known_hosts file.
Currently there is no way to do that, but with a little adaptation it is possible.

Attached is a small patch to look for an env var SSH_ASKHOSTKEY;
if it is set to "y" or "n" it will use that as the answer instead of
asking on the tty.

There are multiple ways of doing this...this is just one.

Hans

On Fri, Feb 10, 2023 at 12:24 PM Walter Harms wrote:
>
> would it be possible to add an option to add a non-interactive mode ?
> Getting yes/no questions (or else) in a script is clearly not helpful.
>
> re,
>  wh
>
>
> 
> From: Dropbear on behalf of Matt Johnston
> Sent: Monday, 21 November 2022 16:20:25
> To: M Rubon
> Cc: dropbear@ucc.asn.au
> Subject: Re: Only do connection if I already know the destination?
>
> On 2022-11-21 11:05 pm, M Rubon wrote:
> > I have an automated remote script that connects to a set of known
> > servers.  I never want to be prompted to add a new host key if the server
> > is missing from .ssh/known_hosts.   If the key is missing, the client
> > should just immediately exit.
> >
> > Dropbear seems to give me the option of relaxing the host key checks
> > (-y -y).  Is there an option to make them more strict?
>
> I don't think there's any way to do that at the moment.
>
> Cheers,
> Matt
>
> >
> > M
> >
> > p.s. OpenSSH client option "StrictHostKeyChecking yes" is basically
> > what I am looking for.
210d209
<   char *askhostkey = NULL;
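Review bot: `askhostkey` should be declared `const char *` at this line, since in the lines shown it only holds the result of `getenv()` and is never written through. The hunks are also in `d` form with `<` lines, which means the patched file was given to diff first; regenerating the patch as `diff -u original patched` would give it file names, context and the right direction.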
221,228d219
< 
<   askhostkey = getenv("SSH_ASKHOSTKEY");
<   if (askhostkey && strchr("yn",*askhostkey)!=NULL) {
<   m_free(fp);
<   if (*askhostkey == 'y') {
<   return;
<   }
<   } else {
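Review bot: In `strchr("yn",*askhostkey)!=NULL` an empty SSH_ASKHOSTKEY passes the test, because `strchr` also matches the terminating NUL of "yn"; the empty value then skips the prompt and takes the same path as "n". Only the first character is examined as well, so any value that merely begins with y accepts an unknown host key without a question. Comparing the whole value, `strcmp(askhostkey, "y") == 0` and `strcmp(askhostkey, "n") == 0`, would make both cases explicit and leave every other value on the interactive path.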
246d237
<   }
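Review bot: SSH_ASKHOSTKEY is not documented anywhere in the three hunks, which end at this closing brace of the new `else`; a line in the client's help text or manual page saying that "y" accepts and "n" rejects an unknown host key without asking would let users find and audit the setting. Since the request in the thread was for a stricter check, that text should also say that "y" relaxes the check, as the `-y` option mentioned in the thread does.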


Re: Only do connection if I already know the destination?

2023-02-10 Thread Walter Harms
would it be possible to add an option to add a non-interactive mode ?
Getting yes/no questions (or else) in a script is clearly not helpful.

re,
 wh



From: Dropbear on behalf of Matt Johnston
Sent: Monday, 21 November 2022 16:20:25
To: M Rubon
Cc: dropbear@ucc.asn.au
Subject: Re: Only do connection if I already know the destination?

On 2022-11-21 11:05 pm, M Rubon wrote:
> I have an automated remote script that connects to a set of known
> servers.  I never want to be prompted to add a new host key if the server
> is missing from .ssh/known_hosts.   If the key is missing, the client
> should just immediately exit.
>
> Dropbear seems to give me the option of relaxing the host key checks
> (-y -y).  Is there an option to make them more strict?

I don't think there's any way to do that at the moment.

Cheers,
Matt

>
> M
>
> p.s. OpenSSH client option "StrictHostKeyChecking yes" is basically
> what I am looking for.


Re: Only do connection if I already know the destination?

2022-11-21 Thread Matt Johnston

On 2022-11-21 11:05 pm, M Rubon wrote:
> I have an automated remote script that connects to a set of known
> servers.  I never want to be prompted to add a new host key if the server
> is missing from .ssh/known_hosts.   If the key is missing, the client
> should just immediately exit.
>
> Dropbear seems to give me the option of relaxing the host key checks
> (-y -y).  Is there an option to make them more strict?

I don't think there's any way to do that at the moment.

Cheers,
Matt

>
> M
>
> p.s. OpenSSH client option "StrictHostKeyChecking yes" is basically
> what I am looking for.


Only do connection if I already know the destination?

2022-11-21 Thread M Rubon
I have an automated remote script that connects to a set of known
servers.  I never want to be prompted to add a new host key if the server
is missing from .ssh/known_hosts.   If the key is missing, the client
should just immediately exit.

Dropbear seems to give me the option of relaxing the host key checks
(-y -y).  Is there an option to make them more strict?

M

p.s. OpenSSH client option "StrictHostKeyChecking yes" is basically
what I am looking for.
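
The "exit if the host is not already known" behaviour asked for above can be approximated from the calling script with a pre-check. This is an added example, not part of any message in the thread and not Dropbear code; it assumes plain `host keytype base64key` lines in known_hosts, and `known_host_present`, `strict_connect`, `KNOWN_HOSTS` and `SSH_CLIENT_BIN` are names made up for the example.

```shell
#!/bin/sh
# Added example (not Dropbear code): fail closed by refusing to start the
# SSH client unless the destination already has a known_hosts entry.
# Assumption: entries are plain "host keytype base64key" lines, not hashed.

# known_host_present FILE HOST -> exit status 0 if HOST has an entry, else 1
known_host_present() {
    kh_file=$1
    kh_host=$2
    [ -n "$kh_host" ] || return 1
    [ -r "$kh_file" ] || return 1    # no readable file: nothing is known
    # Compare the first field as a literal string: dots in the hostname are
    # not regex wildcards, and "db1" must not match "db10".
    awk -v h="$kh_host" '
        /^[ \t]*#/ { next }                          # skip comment lines
        NF >= 3 && ($1 "") == (h "") { found = 1; exit }
        END { exit(found ? 0 : 1) }
    ' "$kh_file"
}

# strict_connect HOST [CLIENT ARGS...]
# Hypothetical wrapper: KNOWN_HOSTS and SSH_CLIENT_BIN are example-only
# variables; the default client name dbclient is Dropbear's SSH client.
strict_connect() {
    sc_host=$1
    shift
    if ! known_host_present "${KNOWN_HOSTS:-$HOME/.ssh/known_hosts}" "$sc_host"; then
        echo "refusing: $sc_host is not in known_hosts" >&2
        return 3                     # distinct status so the caller can tell
    fi
    "${SSH_CLIENT_BIN:-dbclient}" "$sc_host" "$@"
}
```

The pre-check only decides whether the client is started; comparing the key the server presents with the stored one is still left to the client.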