- Community Home
- >
- Servers and Operating Systems
- >
- Operating System - Linux
- >
- System Administration
- >
- Disable ssh host key
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-07-2010 10:35 PM
03-07-2010 10:35 PM
Disable ssh host key
I want to disable ssh authentication message.
If I do ssh to the 10.58.131.51 machine, I have to type "yes" first time before giving password.
How can I avoid this?
I have already configured passwordless ssh authentication.
How can I avoid the following message ?
The authenticity of host '10.58.131.51 (10.58.131.51)' can't be established.
RSA key fingerprint is 92:01:d7:e4:b0:69:8a:21:bd:ee:10:a2:39:35:7e:46.
Are you sure you want to continue connecting (yes/no)?
Please help me in this regard. I am using RHEL 5.4 on an HP hardware and open ssh version is ssh 4.3p.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-07-2010 11:08 PM
03-07-2010 11:08 PM
Re: Disable ssh host key
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-07-2010 11:28 PM
03-07-2010 11:28 PM
Re: Disable ssh host key
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-07-2010 11:31 PM
03-07-2010 11:31 PM
Re: Disable ssh host key
The OpenSSH suite includes a ssh-keyscan tool to create this file quickly (run "man ssh-keyscan" to see documentation).
If /etc/ssh/ssh_known_hosts does not exist or does not contain the public hostkey of the host you're connecting to, the SSH client will show you that message, then attempt to save the host key to $HOME/.ssh/known_hosts. If $HOME/.ssh is not writable by the user, this step is simply skipped and the message will be displayed again in the future.
(NOTE: $HOME/.ssh should normally be owned by the user that's using it, and have drwx------ permissions. The directory must be protected from write access of other users, or else SSH will not use any files found in it.)
If you really cannot have neither a centralised /etc/ssh/ssh_known_hosts file for all users nor a regular per-user $HOME/.ssh/known_hosts file, it is possible to set the StrictHostKeyChecking option to "no", although this is definitely not recommended because that configuration will allow an attacker to set up a proxy between you and the host you're connecting to without your noticing. Such a proxy would see all your SSH traffic unencrypted (it would decrypt everything it receives, then re-encrypt it for the real connection target).
This option can be specified in the command line as "ssh -o StrictHostKeyChecking=no", or it can be configured in $HOME/.ssh/config or /etc/ssh/ssh_config as:
StrictHostKeyChecking no
MK
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-08-2010 01:00 AM
03-08-2010 01:00 AM
Re: Disable ssh host key
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-08-2010 01:56 AM
03-08-2010 01:56 AM
Re: Disable ssh host key
I haven't read the through the replies already given, so the answer most likely has been given already.
Anyway, the reliance on your ssh client's security measures is totally up to the user's discretion, and can mostly be (deliberately) undermined (provided the remote ssh server permits this).
E.g. here's what I often do when I have tunneled some port by local or remote port forwarding in advance.
$ ssh -o userknownhostsfile=/dev/null -o stricthostkeychecking=no -p 2222 localhost ...
If you want to supress any warning messages informing you that the host key has been added to user's known hosts file (which of course is /dev/null) simply add the -q option to the command.
If you feel this is too much typing then edit your ~/.ssh/config file and put in some stanza like this (indentations and case are irrelevant):
Host inconsiderate
HostName 1.2.3.4
User somebody
UserKnownHostsFile /dev/null
StrictHostkeyChecking no
LogLevel quiet
Then you can simply connect by
$ ssh inconsiderate
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
03-09-2010 06:05 AM
03-09-2010 06:05 AM
Re: Disable ssh host key
if you want to use ssh from within a script, use this:
# ssh -o BatchMode yes
"The option BatchMode specifies whether a username and password querying on connect will be disabled. This option is useful when you create scripts and dont want to supply the password. e.g. Scripts that use the scp command to make backups over the network. "
AFAIK in BatchMode that question won't appear, and the machine will be skipped.
Regards,
Viktor
Unix operates with beer.
Hewlett Packard Enterprise International
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP