> I've got an internal server that should be able to ssh to all of my
> machines passwordless. This works:
> ---
> 30 deathstar /una/cgi-bin # ssh beta
> No mail.
> DISPLAY set to deathstar.macromedia.com:0.0
> 1 beta ~ #
> ---
(Looks like your login scripts munge up your DISPLAY. It should be
beta:10.0 or something similar.)
> But when I try to do this for another user (root@deathstar ->
> user@beta), despite having copied over the .shosts and
> .ssh/known_hosts (and changed ownership), I get:
It talks about the canonical name in the error message you get. Maybe your
known_hosts includes only the short name without the fully qualified
domain extension. Then, when ssh tries to map "deathstar" (which is what
your known_hosts probably contains) back to "deathstar.macromedia.com",
it of course fails.

Instead of generating small little known_hosts files and copying them over to
each user's home directory, you should probably generate a system-wide
hosts file (either by hand or with make-ssh-known-hosts) and have that
in the /etc directory of each system with world-readable permissions.
Make-ssh-known-hosts makes sure that all of the possible names of a
system are included; for example, in my case they look like this:

host,host.subdomain,host.subdomain.helsinki.fi,128.214.n.n (key follows)
> deathstar: Remote: Your host key cannot be verified: unknown or invalid host key.
> deathstar: Remote: The host name used to check the key was 'deathstar.macromedia.com'.
--
Atro Tossavainen - email available at URL below - +358-9-850-111-86
http://www.iki.fi/atro.tossavainen/
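Added example, not part of the original message or of ssh itself: a small Python check for the failure described above, where known_hosts lists only a short name and the canonical name used for the host key check has no matching entry. The sample file, its placeholder keys and the name beta.example.com are constructed for illustration.

```python
"""Report canonical host names that no known_hosts entry covers."""
import re

# Constructed sample: the first entry has only the short name, the second
# lists short name, FQDN and address. Key fields are placeholders.
SAMPLE_KNOWN_HOSTS = """\
# constructed sample, keys are placeholders
deathstar 1024 35 1234567890123
beta,beta.example.com,192.0.2.10 1024 35 9876543210987
|1|c2FsdA==|aGFzaA== ssh-rsa AAAAplaceholder
"""

def parse_known_hosts(text):
    """Yield the list of name patterns of each plain-text entry."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):       # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 2 or fields[0].startswith("|"):
            continue                         # malformed or hashed: not auditable by name
        yield [name.lower() for name in fields[0].split(",")]

def _glob(pattern, hostname):
    """Match one pattern; only '*' and '?' are wildcards in known_hosts."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, hostname) is not None

def entry_matches(patterns, hostname):
    """True if the entry covers hostname; a '!' pattern vetoes the entry."""
    hostname = hostname.lower()
    matched = False
    for pat in patterns:
        if pat.startswith("!"):
            if _glob(pat[1:], hostname):
                return False
        elif _glob(pat, hostname):
            matched = True
    return matched

def audit(text, canonical_names):
    """Return the canonical names that no entry in the file covers."""
    entries = list(parse_known_hosts(text))
    return [n for n in canonical_names
            if not any(entry_matches(e, n) for e in entries)]

if __name__ == "__main__":
    for name in audit(SAMPLE_KNOWN_HOSTS,
                      ["deathstar.macromedia.com", "beta.example.com"]):
        print(f"no known_hosts entry covers canonical name {name}")
```

Hashed entries are skipped because their names cannot be read back; check those with `ssh-keygen -F <name>` instead.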