ssh connection issues ... how to deal with ?

[TSch]

Hi folks,

I was wondering ...
What would be the best way to deal with issues like this:

The authenticity of host 'server1 (192.168.17.17)' can't be established.
RSA key fingerprint is 21:b1:9a:38:2c:c7:da:dd:69:02:39:0b:cd:dc:dc:34.
Are you sure you want to continue connecting (yes/no)?

As for the background:
We're using several scripts that automatically scan our LPARs and connect to each server they find performing certain actions on every server. From time to time servers are being added. This leads to the issue mentioned above and prevents the script from completing without us being informed of this.

Because there are dozens of server combinations, what we don't want to do is connect manually from each source server to every new target and enter "yes". So what we need is a way to let the script do it for us whenever it encounters such a message.

Any suggestions ?

Regards,
Thomas

 

[feherke]

Hi

Not sure if this applies to your system too, but on Linux is controlled by the /etc/ssh/ssh_config or ~/.ssh/config file's [tt]StrictHostKeyChecking[/tt] entry, which defaults to 'ask'. You want it 'no'. See [tt]man ssh_config[/tt] for details.

Feherke.

http://feherke.github.com/

 

[SamBones]

That means the SSH host key for that server has changed for some reason. It's no big deal. Just do this.
[ol]
[li]Go to your home directory.[/li]
[li]cd to [tt]./.ssh[/tt][/li]
[li]Edit the file [tt]known_hosts[/tt][/li]
[li]Delete all references to that host[/li]
[li]Save the file[/li]
[li]Do the ssh command again[/li]
[/ol]

You will be asked to save the new key for that host. Say Yes.

This will get the new key and everything should be back to normal.

Hope this helps.

 

[tarn]

Obviously you risk "Man in the middle" attacks but you can tell your client not to check the host keys and just log you in anyway with ......

ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no user@somehost

IHTH

Laurie.