known_hosts question for Ubuntu Server 14.04 and 16.04 LTS

Hello & thanks for reading.

I'm having a problem configuring known_hosts from scripts so an accept
key yes/no prompt doesn't appear.

I'm using this command to detect if the server is known and add it to
known_hosts:

if ! ssh-keygen -F "${IP_ADDR}" -f ~/.ssh/known_hosts > /dev/null 2>&1; then
    ssh-keyscan -p "${PORT}" "${IP_ADDR}" >> ~/.ssh/known_hosts
fi

This works fine for the machine that has only one port (22) in
sshd_config, but for a machine that is being accessed on a
non-standard port (they happen to be different versions of Ubuntu as
well, I don't think that's the difference), the code has to be changed
to this:

if ! ssh-keygen -F "[${IP_ADDR}]:${PORT}" -f ~/.ssh/known_hosts > /dev/null 2>&1; then
    ssh-keyscan -p "${PORT}" "${IP_ADDR}" >> ~/.ssh/known_hosts
fi

And, as suggested for security, if I add -H to the ssh-keyscan, then
the IP addresses are hashed and the if statement fails every time, no
matter what, so the keys are added over and over again.

I figure I'm doing something wrong. Is there a generic way to cause
ssh to generate keys for known_hosts consistently across multiple
configurations with a hash?

Thanks,

Brian
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
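
Added example, not part of the original post: a hashed known_hosts entry stores an HMAC-SHA1 of the host name string under a per-line salt, and a non-default port is recorded as [host]:port, so a lookup only matches when it supplies exactly the string that was hashed. The function names, addresses, salts and key blobs below are constructed for illustration, and wildcard patterns and @-marker lines are not handled.

```python
import base64
import hashlib
import hmac


def host_token(host, port=22):
    """Name string used in known_hosts: bare host on port 22, else [host]:port."""
    return host if int(port) == 22 else f"[{host}]:{port}"


def hash_token(token, salt):
    """Build a hashed hosts field: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=token))."""
    mac = hmac.new(salt, token.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                             base64.b64encode(mac).decode())


def field_matches(field, token):
    """True if one hosts field (hashed or plain, comma-separated) names token."""
    if field.startswith("|1|"):
        try:
            _, _, salt_b64, mac_b64 = field.split("|")
            salt = base64.b64decode(salt_b64)
            want = base64.b64decode(mac_b64)
        except ValueError:  # malformed field: wrong part count or bad base64
            return False
        got = hmac.new(salt, token.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(got, want)
    return token in field.split(",")


def is_known(lines, host, port=22):
    """Scan known_hosts lines for an entry naming host on port."""
    token = host_token(host, port)
    for line in lines:
        parts = line.split()
        if not parts or parts[0][0] in "#@":  # skip comments and marker lines
            continue
        if field_matches(parts[0], token):
            return True
    return False


# Constructed sample: one entry hashed over a bare address, one over [addr]:port.
SAMPLE = [
    hash_token("192.0.2.10", bytes(range(20))) + " ssh-ed25519 CONSTRUCTED_KEY",
    hash_token("[192.0.2.20]:2222", bytes(range(20, 40))) + " ssh-ed25519 CONSTRUCTED_KEY",
]
```

Running the same comparison against a real known_hosts file shows which name string each hashed line was written with, which is the string the existence check has to pass to ssh-keygen -F.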


