On Mon, Jan 17, 2011 at 05:11:12PM -0700, Jon Jensen wrote:
>
> What you lose by turning host key caching off entirely, though, is any
> warning when keys suddenly change for no reason.

The reason I'm doing this, actually, is for installation. Specifically, while a machine is being installed, I often need to connect in to check on Anaconda (the installer). While the installer is running, the host key is garbage. Our postinstall script then updates a global host keys file.

Having a well-maintained global host keys file means that if ssh notices the host key changing, then there's actually something wrong. The "securish shell" alias, when used appropriately, helps keep my paranoia from being dulled by too-frequent exposure to scary messages from ssh.

This is probably the first time in my life where host key caching is actually helpful in any way. :)

--
Andrew McNabb
http://www.mcnabbs.org/andrew/
PGP Fingerprint: 8A17 B57C 6879 1863 DE55 8012 AB4D 6098 8826 6868

--------------------
BYU Unix Users Group
http://uug.byu.edu/

The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list
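The message above mentions a postinstall step that keeps a global host keys file current. The following is an added example of one way such a step could work; it is not Andrew's script. The function name, host names and key strings are constructed, and it assumes an unhashed known_hosts-format file (OpenSSH's system-wide default is `/etc/ssh/ssh_known_hosts`) and that the new public key has already been obtained over a trusted channel.

```shell
# Added example: names, paths and keys below are constructed placeholders.
# update_global_known_hosts FILE HOST KEYTYPE KEYDATA
# Retires every entry of KEYTYPE that names HOST (the old key is invalid
# for all of its aliases after a reinstall) and appends the new key.
# Other hosts, other key types, comments and @marker lines are untouched.
update_global_known_hosts() {
    file=$1; host=$2; keytype=$3; keydata=$4
    # Build the new file next to the old one so the final mv is atomic.
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if [ -f "$file" ]; then
        awk -v host="$host" -v keytype="$keytype" '
            # Pass comments, blank lines and @marker lines through as-is.
            /^[ \t]*(#|$)/ || /^@/ { print; next }
            {
                stale = 0
                n = split($1, names, ",")
                for (i = 1; i <= n; i++)
                    if (names[i] == host && $2 == keytype) stale = 1
                if (!stale) print
            }
        ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    fi
    printf '%s %s %s\n' "$host" "$keytype" "$keydata" >> "$tmp"
    # mktemp creates mode 0600; a global host keys file must be readable
    # by every user who runs ssh.
    chmod 644 "$tmp" && mv "$tmp" "$file"
}
```

Because the stale entry is replaced rather than left beside the new one, a later host key warning for that machine reflects an unexpected change and not leftover installer state.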
