Re: How to remove old entries from known_hosts?

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Brian Candler wrote:
> Chris Green wrote:
> > ... redundant ones are because I have a mixed population of
> > Raspberry Pis and such on my LAN and they get rebuilt fairly
> > frequently and thus, each time, get a new entry in known_hosts.
> ...many useful tips...
> To disable host key checking altogether for certain domains and/or networks,
> you can put this in ~/.ssh/config:
>
> host *.lab.example.com 10.11.*
>   StrictHostKeyChecking no
>   UserKnownHostsFile /dev/null
> ...many useful tips...

Additionally I would consider setting up global ssh_known_hosts
containing the ssh host keys for your network.  If a key is in the
global file then it won't be added to the local client file.  The
global hosts file can be updated as you rebuild your lab machines and
contain a canonical set of host keys for your LAN.  I do this.

Bob
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux