LinuxQuestions.org
Old 04-05-2010, 03:46 AM   #1
G00fy
Member
 
Registered: Jul 2004
Location: Herent, Belgium, Europe, Earth
Distribution: Ubuntu 7.04
Posts: 102

Rep: Reputation: 15
SSH "say yes"


Hi,


How can I say "yes" to the ssh fingerprint authentication question automatically in my script?


Thanks
 
Old 04-05-2010, 03:57 AM   #2
bakdong
Member
 
Registered: Apr 2009
Posts: 214

Rep: Reputation: 44
Probably not a good idea to disable entirely (see Man in the middle attacks) but look at StrictHostKeyChecking in ssh.conf

ssh automatically maintains and checks a database containing identification
for all hosts it has ever been used with. Host keys are stored in
~/.ssh/known_hosts in the user's home directory. Additionally, the file
/etc/ssh/ssh_known_hosts is automatically checked for known hosts. Any
new hosts are automatically added to the user's file. If a host's
identification ever changes, ssh warns about this and disables password
authentication to prevent server spoofing or man-in-the-middle attacks,
which could otherwise be used to circumvent the encryption. The
StrictHostKeyChecking option can be used to control logins to machines
whose host key is not known or has changed.
 
Old 04-05-2010, 04:09 AM   #3
G00fy
Member
 
Registered: Jul 2004
Location: Herent, Belgium, Europe, Earth
Distribution: Ubuntu 7.04
Posts: 102

Original Poster
Rep: Reputation: 15
Yes, I know. But I want to set up a basic environment within a shell script. In that I want to include the basic connection to a backup server (in order for the user not to have to say 'yes').
So I know the host key will be correct, but I just need to be able to say "yes" to it in an automatic way...

I also checked the sources of OpenSSH and it seems it is reading/writing from & to /dev/tty... Is there a possibility to say yes automatically?
 
Old 04-05-2010, 05:50 AM   #4
Sergei Steshenko
Senior Member
 
Registered: May 2005
Posts: 4,481

Rep: Reputation: 454
Quote:
Originally Posted by G00fy View Post
Yes, I know. But I want to set up a basic environment within a shell script. In that I want to include the basic connection to a backup server (in order for the user not to have to say 'yes').
So I know the host key will be correct, but I just need to be able to say "yes" to it in an automatic way...

I also checked the sources of OpenSSH and it seems it is reading/writing from & to /dev/tty... Is there a possibility to say yes automatically?
Start from

man yes

- maybe it'll work with 'ssh'.
 
Old 04-05-2010, 05:50 AM   #5
G00fy
Member
 
Registered: Jul 2004
Location: Herent, Belgium, Europe, Earth
Distribution: Ubuntu 7.04
Posts: 102

Original Poster
Rep: Reputation: 15
It doesn't
 
Old 04-05-2010, 05:51 AM   #6
G00fy
Member
 
Registered: Jul 2004
Location: Herent, Belgium, Europe, Earth
Distribution: Ubuntu 7.04
Posts: 102

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by bakdong View Post
Probably not a good idea to disable entirely (see Man in the middle attacks) but look at StrictHostKeyChecking in ssh.conf
You were partially (80%) right with this one:

ssh -o StrictHostKeyChecking=no root@other_ip

==> Auto-add to known_hosts file!
 
Old 04-05-2010, 05:54 AM   #7
Sergei Steshenko
Senior Member
 
Registered: May 2005
Posts: 4,481

Rep: Reputation: 454
Quote:
Originally Posted by G00fy View Post
It doesn't
Then 'expect': http://en.wikipedia.org/wiki/Expect .
 
Old 04-05-2010, 05:58 AM   #8
bakdong
Member
 
Registered: Apr 2009
Posts: 214

Rep: Reputation: 44
Thanks for the 80%! :-) Have you actually tried it using a batch file yet? I'm running batch file ssh connects on a machine that has StrictHostKeyChecking set to 'ask' in the ssh_config, and it doesn't stop for any input. I have an idea that there is a special case for batch files, but can't find any reference to this.

####### StrictHostKeyChecking
#
# If this flag is set to "yes", ssh will never automatically add
# host keys to the $HOME/.ssh/known_hosts and
# $HOME/.ssh/known_hosts2 files, and refuses to connect to hosts
# whose host key has changed. This provides maximum protection
# against trojan horse attacks. However, it can be somewhat
# annoying if you don't have good /etc/ssh_known_hosts and
# /etc/ssh_known_hosts2 files installed and frequently connect to
# new hosts. This option forces the user to manually add all new
# hosts. If this flag is set to "no", ssh will automatically add
# new host keys to the user known hosts files. If this flag is set
# to "ask", new host keys will be added to the user known host
# files only after the user has confirmed that is what they really
# want to do, and ssh will refuse to connect to hosts whose host
# key has changed. The host keys of known hosts will be verified
# automatically in all cases. The argument must be "yes", "no"
# or "ask". The default is "ask"
 
Old 04-05-2010, 06:00 AM   #9
bakdong
Member
 
Registered: Apr 2009
Posts: 214

Rep: Reputation: 44
Yes, you can also supply it on the command line using -o ....
 
Old 04-12-2010, 09:43 AM   #10
TimothyEBaldwin
Member
 
Registered: Mar 2009
Posts: 249

Rep: Reputation: 27
Why not supply the server public key along with the script? You can then specify it like:
Code:
ssh -o 'UserKnownHostsFile backup_server_key' backup_server
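
The approach from post #10, written out as an added example (not code from any poster in this thread): the script ships the server's public host key, builds a one-line known_hosts file from it, and connects with strict checking, so there is no prompt and a different key is refused. The function names, the `SSH` override variable and the sample key are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pin the backup server's host key instead of auto-accepting it.

# Constructed sample key line (placeholder data, not a real host key).
SAMPLE_PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedPlaceholderNotARealKey000000000000 backup'

# write_pinned_known_hosts HOST PUBKEY_FILE DEST
# PUBKEY_FILE is the server's public host key ("<type> <base64> [comment]"),
# copied from the server over a trusted channel and shipped with the script.
write_pinned_known_hosts() {
    host=$1 pub=$2 dest=$3
    # Refuse anything but exactly one key, so a stray extra line cannot
    # quietly add a second trusted key.
    [ "$(grep -c . "$pub" 2>/dev/null)" = 1 ] || {
        echo "expected exactly one key in $pub" >&2; return 1; }
    set -f; set -- $(grep . "$pub"); set +f   # split into fields, no globbing
    ktype=$1 kdata=$2
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "unsupported key type: $ktype" >&2; return 1 ;;
    esac
    case $kdata in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key data in $pub" >&2; return 1 ;;
    esac
    # known_hosts line format: "host keytype base64"
    ( umask 077; printf '%s %s %s\n' "$host" "$ktype" "$kdata" > "$dest" )
}

# pinned_ssh KNOWN_HOSTS_FILE [ssh arguments...]
# Only the pinned file is consulted; a missing or different key makes ssh
# exit with an error rather than prompt. SSH is a hypothetical override
# (not an OpenSSH variable) so the command line can be inspected in tests.
pinned_ssh() {
    kh=$1; shift
    "${SSH:-ssh}" -o "UserKnownHostsFile=$kh" \
        -o GlobalKnownHostsFile=/dev/null \
        -o StrictHostKeyChecking=yes "$@"
}

# Usage (known_hosts file name as in the post above):
#   write_pinned_known_hosts backup_server backup_server_key.pub backup_server_key
#   pinned_ssh backup_server_key backup_server
```

The HOST written to the file must be the same name or address the script later passes to ssh, otherwise the pinned entry will not match.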
 
  

