LinuxQuestions.org
Old 05-08-2020, 01:31 PM   #1
salilsurendran
StrictHostKeyChecking not working


I am trying to ssh to a host via a bastion. I have set StrictHostKeyChecking=no for both ssh as well as the ProxyCommand:
Code:
ssh -i ~/mykey.pem-prod hadoop@final.destination.ec2.internal -o "UserKnownHostsFile=/dev/null" -o StrictHostKeyChecking=no -o ProxyCommand="ssh -o StrictHostKeyChecking=no -W %h:%p -i ~/mykey.pem-prod ec2-user@mybastion.us-east-1.amazonaws.com"
Sometimes it works but sometimes I get this message:

Code:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:
Please contact your system administrator.
Add correct host key in /Users/myname/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/myname/.ssh/known_hosts:7
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
Error: forwarding disabled due to host key check failure
ssh_exchange_identification: Connection closed by remote host
I was thinking that StrictHostKeyChecking=no should prevent this problem.
 
Old 05-08-2020, 02:50 PM   #2
ehartman
Quote:
Originally Posted by salilsurendran
I was thinking that StrictHostKeyChecking=no should prevent this problem.

No, it only works for NEW hosts, not existing ones of which the key has changed:

Quote:
If this flag is set to no, ssh will automatically add new host keys to the user known hosts files.

As a system with a changed host key is already there, it is not a new system to be added; you would have to remove it first from the known_hosts file.
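
The distinction drawn in the answer above, modelled as an added example (not code from the thread or from OpenSSH): a lookup over a constructed known_hosts file, including a hashed host name, that reports whether a presented key is new, matching or changed, and then removes the stale lines so the host counts as new again. The function names, the sample file and the placeholder key blobs are assumptions made for illustration; wildcard host patterns are not handled.

```python
import base64, hashlib, hmac

def hashed_field(token, salt=b"constructed-salt-20b"):
    # Build a HashKnownHosts-style name: |1|b64(salt)|b64(HMAC-SHA1(salt, name))
    mac = hmac.new(salt, token.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def field_matches(field, token):
    if field.startswith("|1|") and field.count("|") == 3:
        _, _, salt_b64, mac_b64 = field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), token.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return token in field.split(",")  # wildcard patterns are not handled here

def entries_for(text, host, port=22):
    """Yield (line_number, key_type, key_blob) for lines that name the host."""
    token = host if port == 22 else f"[{host}]:{port}"  # non-default port form
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # skip comments, @cert-authority/@revoked markers, short lines
        if field_matches(parts[0], token):
            yield n, parts[1], parts[2]

def classify(text, host, key_type, key_blob, port=22):
    """Return ('new' | 'match' | 'changed', line number or None)."""
    same_type = [(n, b) for n, t, b in entries_for(text, host, port) if t == key_type]
    for n, blob in same_type:
        if blob == key_blob:
            return "match", n
    return ("changed", same_type[0][0]) if same_type else ("new", None)

def remove_host(text, host, port=22):
    """Drop every line naming the host, so the next connection sees it as new."""
    stale = {n for n, _, _ in entries_for(text, host, port)}
    return "".join(l for n, l in enumerate(text.splitlines(True), 1) if n not in stale)

# Constructed sample; key blobs are placeholders, not real keys.
BASTION = "mybastion.us-east-1.amazonaws.com"
SAMPLE = "\n".join([
    "# constructed known_hosts",
    "other.example ssh-ed25519 KEYBLOB-OTHER",
    hashed_field(BASTION) + " ecdsa-sha2-nistp256 KEYBLOB-OLD",
]) + "\n"

if __name__ == "__main__":
    print(classify(SAMPLE, BASTION, "ecdsa-sha2-nistp256", "KEYBLOB-NEW"))
    print(classify(remove_host(SAMPLE, BASTION), BASTION, "ecdsa-sha2-nistp256", "KEYBLOB-NEW"))
```

On a real system `ssh-keygen -R <host>` performs the removal; confirm the new fingerprint out of band before accepting the key again.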
 
  

