I keep the following command in my .bash_profile: alias ssg="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/ dev/null"
I then `ssg` to hosts which are liable to have changing ssh keys. Joachim Steiger's suggestion, limiting relaxed HostKeyChecking to a single IP is less useful to me, because I most always have a machine or two on the network which are getting fresh or temporary o/s installs, or which receive dynamic addresses (and which consequently share the 192.168.1.100 - 192.168.1.102 range of addresses). His suggestion causes me to wonder if I should just disable HostKeyChecking for all addresses in 192.168.x.y, but the thought does pique my paranoia. Stroller. On 17 Jul 2008, at 20:26, Marcus Bauer wrote: > > Paul Bonser answered already with the fix. > > I'll add the reason: whenever you connect to an unknown system, you > are > asked if you want to accept the key like this: > > ----------------------------------------------------------------- > The authenticity of host '192.168.0.202 (192.168.0.202)' can't be > established. > RSA key fingerprint is d8:c1:d2:ac:e9:57:9f:ed:1d:ee:b3:fa:62:04:8c: > 6c. > Are you sure you want to continue connecting (yes/no)? > ----------------------------------------------------------------- > > and when you answer 'yes' the public key will be saved to your > ~/.ssh/known_hosts file. This prevents the so called > man-in-the-middle-attack. Search google or wikipedia for more details. > > If you reflash your phone, the public key changes (it is unique and > generated on the first boot) and your ssh believes there is an attack. > Somewhere on the wiki is a description how to shut this behaviour off, > but I hope nobody will ever inactivate this vigilance. > _______________________________________________ Openmoko community mailing list community@lists.openmoko.org http://lists.openmoko.org/mailman/listinfo/community