Brian Candler wrote: > Chris Green wrote: > > ... redundant ones are because I have a mixed population of > > Raspberry Pis and such on my LAN and they get rebuilt fairly > > frequently and thus, each time, get a new entry in known_hosts. > ...many useful tips... > To disable host key checking altogether for certain domains and/or networks, > you can put this in ~/.ssh/config: > > host *.lab.example.com 10.11.* > StrictHostKeyChecking no > UserKnownHostsFile /dev/null > ...many useful tips... Additionally I would consider setting up global ssh_known_hosts containing the ssh host keys for your network. If a key is in the global file then it won't be added to the local client file. The global hosts file can be updated as you rebuild your lab machines and contain a canonical set of host keys for your LAN. I do this. Bob _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev