Re: Disabling host key checking on LAN

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



(+cc list)

You could use something in the following manner:

Match originalhost *      exec "/check/if/this/hostname/is/on/lan.sh"
    ...(lan-specific opts)...

But this one is a bit tricky to get right, as order of entries begins
to matter more than you would initially anticipate (or at least I
didn't). Also I am not using this mode with asterisk (*), but with
fixed hostnames (to determine ipv4-or-ipv6 connection without using
DNS) so it might not work at all.

b.


On 27 August 2015 at 01:25, Walter Carlson <wlcrls47@xxxxxxxxx> wrote:
> You nailed it.  I am using a single word hostname.
>
> Is there any way for me to specify the private IP space I'm using, so I can
> use single word hostnames in the command line, without having to list each
> of them in ssh_config?
>
> Setting CanonicalizeHostname it looks like just uses the CanoncialDomains
> suffixes and CanonicalizePermittedCNAMEs rules, which I don't think I can
> set up to canonicalize to IP address.
>
> I realize I could make the options I want globally set, but I wanted them to
> be defaults for if I ever used openssh with outside-my-network systems.
>
> On Wed, Aug 26, 2015 at 10:53 PM, Bostjan Skufca <bostjan@xxxxxx> wrote:
>>
>> Are you connecting by specifying "ssh HOSTNAME" instead of "ssh
>> IP.IP.IP.IP"?
>>
>> If this is the case, then "Host 192.168.*.*" line never matches when
>> you think it should.
>>
>> From ssh_config manpage:
>> "The host is the hostname argument given on the command line (i.e. the
>> name is not converted to a canonicalized host name before matching)."
>>
>> b.
>>
>> On 27 August 2015 at 00:21, Walter Carlson <wlcrls47@xxxxxxxxx> wrote:
>> > If I want to specify for LAN addresses that I don't want to deal with
>> > host
>> > keys, how do I do that?  Understanding the risks, knowing almost
>> > everyone
>> > will say not to do this - it's a horrible idea, but deciding I want to
>> > do
>> > it anyway.  Tired of having to remove entries from known_hosts with the
>> > multiple VM's I have that often change fingerprints, and am willing to
>> > live
>> > with the risks.
>> >
>> > /etc/ssh/ssh_config
>> > Host 192.168.*.*
>> >    StrictHostKeyChecking no
>> >    UserKnownHostsFile /dev/null
>> >
>> > or
>> >    UserKnownHostsFile none
>> >
>> > Isn't doing the trick.  With no known_hosts file in ~/.ssh or /etc, I
>> > still
>> > get:
>> > The authenticity of host '<hostname> (192.168.2.2)' can't be
>> > established.
>> > ECDSA key fingerprint is SHA256:.....
>> > Are you sure you want to continue connecting (yes/no)?
>> > _______________________________________________
>> > openssh-unix-dev mailing list
>> > openssh-unix-dev@xxxxxxxxxxx
>> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux