HPE Community
Operating System - HP-UX
1835039 Members
3497 Online
110073 Solutions
New Discussion

ssh experts only

 
SOLVED
Go to solution
Mark Zurl
Frequent Advisor

‎01-31-2008 04:37 PM

‎01-31-2008 04:37 PM

ssh experts only


Is it possible for any entry in the $HOME/.ssh/known_hosts file to expire?

I have a cronjob that fails, and seems to indicate the imbedded "scp" in the script is failing because the "first time only" verification prompt (see below) keeps re-occuring.

OS is HP-UX 11.11, and 11.23

"The authenticity of host 'hpsystem (XXX.XX.31.101)' can't be established.
RSA key fingerprint is e3:5a:11:a4:60:a5:26:fb:11:41:e2:e0:93:15:25:c9.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'hpsystem' (RSA) to the list of known hosts."

OS is HP-UX 11.11 and 11.23.

Cheers,
Mark
Tech Tip #167: Coffee and donuts make a meal.
0 Kudos
5 REPLIES 5
Olivier Masse
Honored Contributor

‎01-31-2008 04:44 PM

‎01-31-2008 04:44 PM

Solution

Re: ssh experts only

Is the system you're connecting to part of a cluster? If this is the case, if the host keys of the nodes are not the same, any automated ssh or scp will prompt this message.

You can bypass it by using "-o StrictHostKeyChecking=no", but this might be against your security policy. If this is an issue, there are other solutions to this, such as using an ssh deamon listetning to a different port, but bound to the same host key on all your nodes.
0 Kudos
Mark Zurl
Frequent Advisor

‎01-31-2008 04:53 PM

‎01-31-2008 04:53 PM

Re: ssh experts only

Olivier, your awesome!

Yes, the problem does appear in a SG environment. Good call. I'll assume you are right and proceed with your suggestions.

If anyone else would like to comment, I'd like to hear your thoughts also.

Thanks again,
Mark
Tech Tip #167: Coffee and donuts make a meal.
0 Kudos
Michael Steele_2
Honored Contributor

‎01-31-2008 05:05 PM

‎01-31-2008 05:05 PM

Re: ssh experts only

Set the cronjob to include debugging ' ssh -v -v -v ' and 'cksum' the key files on all nodes. Regenerate new keys?
Support Fatherhood - Stop Family Law
0 Kudos
Mark Zurl
Frequent Advisor

‎01-31-2008 05:19 PM

‎01-31-2008 05:19 PM

Re: ssh experts only

Michael -
Thanks for your input.
Mark
Tech Tip #167: Coffee and donuts make a meal.
0 Kudos
Mark Zurl
Frequent Advisor

‎02-04-2008 01:06 PM

‎02-04-2008 01:06 PM

Re: ssh experts only

I have modified the client configuration as suggested in the thread.
Tech Tip #167: Coffee and donuts make a meal.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.