----- "Filipe Brandenburger" <filbranden@xxxxxxxxx> wrote: > Hi, > > On Mon, Jun 29, 2009 at 11:57, Tim Nelson<tnelson@xxxxxxxxxxxxx> > wrote: > > I connect to a very large number of new machines with a handful of > my CentOS boxen. Whenever I connect to a new host, I *REALLY* would > like to *NOT* see the error message such as this: > > The authenticity of host 'w.x.y.z (w.x.y.z)' can't be established. > > RSA key fingerprint is > 62:7a:6c:e5:03:f5:47:be:23:a5:c5:e5:c3:60:9b:8d. > > Are you sure you want to continue connecting (yes/no)? yes > > Also, some of these systems are being setup with an automated login > system via SSH keys which means I have to manually login to each of > the boxes before the automated scripting will work just to clear the > 'authenticity' error. > > Is there a way to disable this error/authenticity check globally for > a system? I understand it may not be the best practice in terms of > security, but for an internal trusted host, I have no reservations > making this change. > > Yes, > > You can do it for one session only (which is convenient for a script) > like this: > > $ ssh -q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no > ... > > If you want to do that permanent, you can add the two last options to > /etc/ssh/ssh_config, like this: > > UserKnownHostsFile /dev/null > StrictHostKeyChecking no > > But I don't think you can get the same as the "-q" does, which > suppresses the "Adding key to file..." text on the first login. > > In any case, I don't think you should do it globally, but do it using > the long command line on your script only. > > I also create a bash alias "qssh" which calls ssh with those options, > which is handy when I'm trying to connect to a machine that I know > will get reinstalled many times (and thus have its private key > changed) and I really don't want to store it in my > ~/.ssh/known_hosts. > > HTH, > Filipe > _______________________________________________ > CentOS mailing list > CentOS@xxxxxxxxxx > http://lists.centos.org/mailman/listinfo/centos Thank you everyone for the helpful suggestions. I'm entirely unsure why I didn't come across these options during my 'man ssh' and obligatory Googling... Maybe it was because there were no pointing fingers or large blinking arrows to point the way. :-) --Tim _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos