Problem in logging in freerunner through ssh
Stroller
stroller at stellar.eclipse.co.uk
Thu Jul 17 23:11:45 CEST 2008
I keep the following command in my .bash_profile:
alias ssg="ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/
dev/null"
I then `ssg` to hosts which are liable to have changing ssh keys.
Joachim Steiger's suggestion, limiting relaxed HostKeyChecking to a
single IP is less useful to me, because I most always have a machine
or two on the network which are getting fresh or temporary o/s
installs, or which receive dynamic addresses (and which consequently
share the 192.168.1.100 - 192.168.1.102 range of addresses).
His suggestion causes me to wonder if I should just disable
HostKeyChecking for all addresses in 192.168.x.y, but the thought
does pique my paranoia.
Stroller.
On 17 Jul 2008, at 20:26, Marcus Bauer wrote:
>
> Paul Bonser answered already with the fix.
>
> I'll add the reason: whenever you connect to an unknown system, you
> are
> asked if you want to accept the key like this:
>
> -----------------------------------------------------------------
> The authenticity of host '192.168.0.202 (192.168.0.202)' can't be
> established.
> RSA key fingerprint is d8:c1:d2:ac:e9:57:9f:ed:1d:ee:b3:fa:62:04:8c:
> 6c.
> Are you sure you want to continue connecting (yes/no)?
> -----------------------------------------------------------------
>
> and when you answer 'yes' the public key will be saved to your
> ~/.ssh/known_hosts file. This prevents the so called
> man-in-the-middle-attack. Search google or wikipedia for more details.
>
> If you reflash your phone, the public key changes (it is unique and
> generated on the first boot) and your ssh believes there is an attack.
> Somewhere on the wiki is a description how to shut this behaviour off,
> but I hope nobody will ever inactivate this vigilance.
>
More information about the community
mailing list