Problem in logging in freerunner through ssh

Stroller stroller at stellar.eclipse.co.uk
Thu Jul 17 23:11:45 CEST 2008


I keep the following command in my .bash_profile:

   alias ssg="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"

I then `ssg` to hosts which are liable to have changing ssh keys.

Joachim Steiger's suggestion, limiting relaxed HostKeyChecking to a  
single IP is less useful to me, because I most always have a machine  
or two on the network which are getting fresh or temporary o/s  
installs, or which receive dynamic addresses (and which consequently  
share the 192.168.1.100 - 192.168.1.102 range of addresses).

His suggestion causes me to wonder if I should just disable  
HostKeyChecking for all addresses in 192.168.x.y, but the thought  
does pique my paranoia.

Stroller.


On 17 Jul 2008, at 20:26, Marcus Bauer wrote:

>
> Paul Bonser answered already with the fix.
>
> I'll add the reason: whenever you connect to an unknown system, you are
> asked if you want to accept the key like this:
>
> -----------------------------------------------------------------
> The authenticity of host '192.168.0.202 (192.168.0.202)' can't be
> established.
> RSA key fingerprint is d8:c1:d2:ac:e9:57:9f:ed:1d:ee:b3:fa:62:04:8c:6c.
> Are you sure you want to continue connecting (yes/no)?
> -----------------------------------------------------------------
>
> and when you answer 'yes' the public key will be saved to your
> ~/.ssh/known_hosts file. This prevents the so-called
> man-in-the-middle attack. Search Google or Wikipedia for more details.
>
> If you reflash your phone, the public key changes (it is unique and
> generated on the first boot) and your ssh believes there is an attack.
> Somewhere on the wiki is a description of how to shut this behaviour off,
> but I hope nobody will ever inactivate this vigilance.
>
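
The check discussed in this thread, as an added example that is not part of either message and is not OpenSSH's own code: a simplified model of the known_hosts lookup and of the MD5 fingerprint shown in the prompt above. The key blobs are constructed sample values, not real keys, and only plain-text (unhashed, non-wildcard) known_hosts entries are handled.

```python
import base64
import hashlib
import struct


def ssh_string(data: bytes) -> bytes:
    """Length-prefixed string as used in the SSH wire format."""
    return struct.pack(">I", len(data)) + data


def make_rsa_blob(modulus: int) -> bytes:
    """Constructed (not real) ssh-rsa public key blob: type, e, n."""
    def mpint(value: int) -> bytes:
        return ssh_string(value.to_bytes(value.bit_length() // 8 + 1, "big"))
    return ssh_string(b"ssh-rsa") + mpint(65537) + mpint(modulus)


def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated MD5 of the key blob, the format the prompt displays."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def check_host_key(known_hosts: str, host: str, key_type: str, blob: bytes) -> str:
    """Return 'match', 'changed' or 'unknown' for the key a server presents."""
    seen_other_key = False
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|")):
            continue  # skip comments, markers and hashed host entries
        hosts, stored_type, stored_b64 = fields[:3]
        if host not in hosts.split(",") or stored_type != key_type:
            continue
        if base64.b64decode(stored_b64) == blob:
            return "match"
        seen_other_key = True
    return "changed" if seen_other_key else "unknown"


# Constructed sample data: two different keys for the same address,
# standing in for a phone before and after a reflash.
OLD_KEY = make_rsa_blob(0xC0FFEE0123456789ABCDEF)
NEW_KEY = make_rsa_blob(0xDECAF00123456789ABCDEF)
KNOWN_HOSTS = "192.168.0.202 ssh-rsa " + base64.b64encode(OLD_KEY).decode() + "\n"

if __name__ == "__main__":
    for label, key in (("before reflash", OLD_KEY), ("after reflash", NEW_KEY)):
        print(label, md5_fingerprint(key),
              check_host_key(KNOWN_HOSTS, "192.168.0.202", "ssh-rsa", key))
    # An empty file models UserKnownHostsFile=/dev/null: every key is 'unknown'.
    print(check_host_key("", "192.168.0.202", "ssh-rsa", NEW_KEY))
```

With the known-hosts file pointed at /dev/null, no key can ever come back as 'changed', so a substituted key looks the same as a freshly installed one; that is the trade-off the alias makes.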



