[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

completely suppress remote host identification checking for trusted local servers



Whenever I re-install a server ssh issues a warning:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
f1:7c:70:31:8f:2a:da:eb:21:37:e9:1a:6c:3d:d4:7a.
Please contact your system administrator.
Add correct host key in /home/foo/.ssh/known_hosts to get rid of this message.
Offending key in /home/foo/.ssh/known_hosts:218
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid
man-in-the-middle attacks.

But these are local compute-nodes in a cluster so that warning is
quite superfluous. In order to suppress this ssh warning I trick ssh
by this hack:

cat ~foo/.ssh/config
host local_server_name*
   StrictHostKeyChecking no
   UserKnownHostsFile=/dev/null

But I still get ssh going through the unnecessary step where it still
adds to the non-exisitant known_hosts file.

Warning: Permanently added 'eu003,10.0.0.3' (RSA) to the list of known hosts.
Warning: Permanently added 'eu004,10.0.0.4' (RSA) to the list of known hosts.
[snip]

This does add an overhead at startup of jobs that ssh to multiple
servers. Is there a better way out to completely suppress remote host
identification checks?

-- 
Rahul



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]