Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

ssh connection issues ... how to deal with ?

Status
Not open for further replies.

TSch

Technical User
Jul 12, 2001
557
DE
Hi folks,

I was wondering ...
What would be the best way to deal with issues like this:

Code:
The authenticity of host 'server1 (192.168.17.17)' can't be established.
RSA key fingerprint is 21:b1:9a:38:2c:c7:da:dd:69:02:39:0b:cd:dc:dc:34.
Are you sure you want to continue connecting (yes/no)?

As for the background:
We're using several scripts that automatically scan our LPARs and connect to each server they find performing certain actions on every server. From time to time servers are being added. This leads to the issue mentioned above and prevents the script from completing without us being informed of this.

Because there are dozens of server combinations, what we don't want to do is connect manually from each source server to every new target and enter "yes". So what we need is a way to let the script do it for us whenever it encounters such a message.

Any suggestions ?

Regards,
Thomas
 
Hi

Not sure if this applies to your system too, but on Linux is controlled by the /etc/ssh/ssh_config or ~/.ssh/config file's [tt]StrictHostKeyChecking[/tt] entry, which defaults to 'ask'. You want it 'no'. See [tt]man ssh_config[/tt] for details.

Feherke.
 
That means the SSH host key for that server has changed for some reason. It's no big deal. Just do this.
[ol]
[li]Go to your home directory.[/li]
[li]cd to [tt]./.ssh[/tt][/li]
[li]Edit the file [tt]known_hosts[/tt][/li]
[li]Delete all references to that host[/li]
[li]Save the file[/li]
[li]Do the ssh command again[/li]
[/ol]

You will be asked to save the new key for that host. Say Yes.

This will get the new key and everything should be back to normal.

Hope this helps.


 
Obviously you risk "Man in the middle" attacks but you can tell your client not to check the host keys and just log you in anyway with ......

Code:
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no user@somehost

IHTH

Laurie.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top