Hello & thanks for reading.
I'm having a problem configuring known_hosts from scripts so an accept
key yes/no prompt doesn't appear.
I'm using this command to detect if the server is known and add it to
known_hosts:
if ! ssh-keygen -F ${IP_ADDR} -f ~/.ssh/known_hosts > /dev/null 2>&1; t
hen ssh-keyscan -p ${PORT} ${IP_ADDR} >> ~/.ssh/known_hosts; fi
This works fine for the machine that has only one port (22) in
sshd_config, but for a machine that is being accessed on a
non-standard port (they happen to be different versions of Ubuntu as
well, I don't think that's the difference), the code has to be changed
to this:
if ! ssh-keygen -F [${IP_ADDR}]:${PORT} -f ~/.ssh/known_hosts > /dev/null 2>&1;
then ssh-keyscan -p ${PORT} ${IP_ADDR} >> ~/.ssh/known_hosts; fi
And, as suggested for security, if I add -H to the ssh-keyscan, then
the IP addresses are hashed and the if statement fails every time, no
matter what so the keys are added over and over again.
I figure I'm doing something wrong. Is there a generic way to cause
ssh to generate keys for known_hosts consistently across multiple
configurations with a hash?
Thanks,
Brian
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
