On 4/5/07, Alok G. Singh <[EMAIL PROTECTED]> wrote:
> On  5 Apr 2007, [EMAIL PROTECTED] wrote:
>
> > On Thursday 05 April 2007 08:29, Alok G. Singh wrote:
> >> On 29 Mar 2007, [EMAIL PROTECTED] wrote:
> >>>> The scenario is simple. I have a setup with port forwarding,
> >>>> where my ssh client thinks I am connecting to a different host
> >>>> each time (IP remains the same, port is different on the ssh
> >>>> command line), and it's a hassle to delete the "cached" line from
> >>>> the known_hosts every time.
> >>>
> >>> man ssh_config , look at the UserKnownHostsFile directive.  Set
> >>> it to /dev/null in the config file or on the ssh command line.
> >>
> >> madduck had a useful post about this recently [1]. CheckHostIP and
> >> StrictHostKeyChecking are essential in guaranteeing a secure
> >> connection and global disabling of them will just give you a false
> >> sense of security.
> >
> > ...and do you have a better method of solving his problem?
>
> TBH, I don't quite understand how the port on the host being connected
> to changes every time.
I have a pool of machines behind a NAT (port forwarding) which have
different IPs. So to connect to any machine I have to give <ip of port
forwarding host> + <different port for each host> on the ssh command line.

> Given that, I was merely pointing out (what I
> thought) were elegant solutions to the problem of host key checks for
> machines you don't care about too much and the caveats of not doing a
> host key check for _every_ machine that is being connected to.
Thanks for the brainstorm; however, the "flaw" is with the openssh
client, which does not consider port information as a part of a
session.

There are other contrived ways of getting it done without disabling
the strict check. However, they rely on the fact that the hostname
would remain constant and unique.

The easiest way I found was to not use the openssh client, but plink
(part of putty-tools in Ubuntu), which works faster, is equally secure and
considers port information as a part of session info. It's the
Linux port of the popular PuTTY available under Windows :)

I don't know the exact details but plink works faster than openssh
client for some reason.

Oh, and if you want to provide the password on the command prompt, plink lets
you do that :)


regards,
C
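
One way to keep host key checking enabled in the port-forwarding setup discussed in this thread, shown as an added example that is not part of the original message: give each forwarded port its own `Host` entry with a distinct `HostKeyAlias`, so each machine's key is stored and verified under its own name. The gateway address 203.0.113.10, the ports and the alias names are constructed placeholders; the commented-out block is the weak setting suggested earlier in the thread, kept for contrast.

```sshconfig
# ~/.ssh/config (constructed example; address, ports and names are placeholders)

# Weak: the /dev/null workaround from earlier in the thread. No key is ever
# stored, so a changed or substituted host key can never be detected.
#Host 203.0.113.10
#    UserKnownHostsFile /dev/null
#    StrictHostKeyChecking no

# Hardened: one entry per machine behind the NAT. HostKeyAlias makes ssh
# record and look up the key under the alias instead of the shared gateway
# address, so the entries no longer collide in known_hosts.
Host pool-a
    HostName 203.0.113.10
    Port 2201
    HostKeyAlias pool-a

Host pool-b
    HostName 203.0.113.10
    Port 2202
    HostKeyAlias pool-b

# Settings shared by the pool only; every other host keeps the defaults.
Host pool-*
    # All pool machines share the gateway's IP, so a per-IP key record
    # cannot tell them apart. Identity is pinned by the alias instead.
    CheckHostIP no
    # Prompt to confirm the fingerprint on first use; refuse to connect
    # if the key stored for this alias later changes.
    StrictHostKeyChecking ask
```

With this in place, `ssh pool-a` and `ssh pool-b` each verify against their own known_hosts entry, and host key checking stays on for everything else.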

_______________________________________________
linux-india-help mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/linux-india-help