Rahul Nabar wrote: > Whenever I re-install a server ssh issues a warning: > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! > Someone could be eavesdropping on you right now (man-in-the-middle attack)! > It is also possible that the RSA host key has just been changed. > The fingerprint for the RSA key sent by the remote host is > f1:7c:70:31:8f:2a:da:eb:21:37:e9:1a:6c:3d:d4:7a. > Please contact your system administrator. > Add correct host key in /home/foo/.ssh/known_hosts to get rid of this message. > Offending key in /home/foo/.ssh/known_hosts:218 > Password authentication is disabled to avoid man-in-the-middle attacks. > Keyboard-interactive authentication is disabled to avoid > man-in-the-middle attacks. > > But these are local compute-nodes in a cluster so that warning is > quite superfluous. In order to suppress this ssh warning I trick ssh > by this hack: > > cat ~foo/.ssh/config > host local_server_name* > StrictHostKeyChecking no > UserKnownHostsFile=/dev/null > > But I still get ssh going through the unnecessary step where it still > adds to the non-exisitant known_hosts file. > > Warning: Permanently added 'eu003,10.0.0.3' (RSA) to the list of known hosts. > Warning: Permanently added 'eu004,10.0.0.4' (RSA) to the list of known hosts. > [snip] > > This does add an overhead at startup of jobs that ssh to multiple > servers. Is there a better way out to completely suppress remote host > identification checks? > > Edit your ~/.ssh/known_hosts file, and remove line 218 -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
