LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 02-26-2008, 10:01 AM   #1
lordofring
Member
 
Registered: Feb 2005
Posts: 91

Rep: Reputation: 15
ssh question


Hello,

When ssh connects a host at the first time, it will ask this question:
The authenticity of host '192.168.0.1(192.168.0.1)' can't be established.
RSA key fingerprint is a2:27:00:e0:28:93:31:f2:24:44:02:96:23:ae:53:98.
Are you sure you want to continue connecting (yes/no)?


I know I should type "yes" for it. And it won't ask again after that. My question is how do I skip this step? Thanks.

Regards,

lordofring
 
Old 02-26-2008, 10:11 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981
from man ssh_config:
Quote:
StrictHostKeyChecking
If this flag is set to ``yes'', ssh(1) will never automatically
add host keys to the ~/.ssh/known_hosts file, and refuses to con-
nect to hosts whose host key has changed. This provides maximum
protection against trojan horse attacks, though it can be annoy-
ing when the /etc/ssh_known_hosts file is poorly maintained or
when connections to new hosts are frequently made. This option
forces the user to manually add all new hosts. If this flag is
set to ``no'', ssh will automatically add new host keys to the
user known hosts files. If this flag is set to ``ask'', new host
keys will be added to the user known host files only after the
user has confirmed that is what they really want to do, and ssh
will refuse to connect to hosts whose host key has changed. The
host keys of known hosts will be verified automatically in all
cases. The argument must be ``yes'', ``no'', or ``ask''. The
default is ``ask''.
so run "ssh -O StrictHostKeyChecking=yes ..." or permanently set it in your ssh_config file.
 
Old 02-26-2008, 10:32 AM   #3
lordofring
Member
 
Registered: Feb 2005
Posts: 91

Original Poster
Rep: Reputation: 15
Thanks, acid_kewpie. "StrictHostKeyChecking=no" works for me.
 
Old 02-26-2008, 10:37 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981Reputation: 1981
well i'd suggest you still use the feature. by setting a yes, the key will be accepted on first sight, but if it changes, which could suggest a MITM attack or some such you are still protected.
 
Old 02-26-2008, 11:09 AM   #5
lordofring
Member
 
Registered: Feb 2005
Posts: 91

Original Poster
Rep: Reputation: 15
Yes, you are correct. I should use it for the security reason.
 
Old 02-26-2008, 11:26 AM   #6
farslayer
LQ Guru
 
Registered: Oct 2005
Location: Northeast Ohio
Distribution: linuxdebian
Posts: 7,247
Blog Entries: 5

Rep: Reputation: 191Reputation: 191
Heres a nice article on the topic... SSH Host Keys as a protection against Man-In-The-Middle Attacks
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh question tronica Linux - Server 3 06-24-2007 07:27 AM
Question About SSH carlosinfl Linux - Security 9 02-23-2006 10:27 AM
ssh-agent/ssh-add question mega Slackware 2 01-26-2005 03:09 AM
Some question about SSH iamthewind Linux - Networking 3 12-26-2004 07:49 PM
question about ssh erikm103 Linux - General 2 03-11-2003 02:30 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 07:38 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration