Scott Garman <[EMAIL PROTECTED]> writes:

> In resignation, I instead hacked up a different solution, and now tell
> ssh to use /dev/null instead of ~/.ssh/known_hosts as where to save host
> keys for my local subnet. If anyone knows a better solution to this,
> please enlighten me. Here is my final ~/.ssh/config file:
>
> Host 192.168.1.*
> StrictHostKeyChecking no

This should still work. We use it all the time.

The other thing you could do is to never change your host keys, when you re-install, re-install old, cached keys. We do this all the time too. With 400+ systems which get reinstalled on the order of 10-100 times a week, we maintain a universal /etc/ssh/ssh_known_hosts file with the ssh keys generated when a system is added to our lab network. That hostname then, forever, has those keys. We cache them in an NFS volume, gpg encrypted, and upon re-install, they're decrypted, and re-installed on the "new" system.

We even have a 'fixssh' script which does all this for us, which I'd be happy to share as well.

If you truly want to avoid host key lookup entirely, use Kerberos! Works like a charm.

--
Seeya,
Paul
_______________________________________________
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
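
The cached-key approach described in the reply above, as an added example (not the fixssh script or any code from this thread): it builds a shared known_hosts file from per-hostname cached public keys and checks that a reinstalled host still carries its pinned key. The cache layout, function names, hostnames and key blobs are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example; assumed layout: CACHE/<hostname>/ssh_host_*_key.pub holds the
# public halves of the keys generated when the host first joined the network.

# Print one known_hosts line per cached key: "<hostname> <keytype> <base64>".
build_known_hosts() {
    cache=$1
    for dir in "$cache"/*/; do
        [ -d "$dir" ] || continue
        host=$(basename "$dir")
        for pub in "$dir"ssh_host_*_key.pub; do
            [ -f "$pub" ] || continue
            # A .pub file is "<keytype> <base64> [comment]"; drop the comment.
            awk -v h="$host" 'NF >= 2 { print h, $1, $2 }' "$pub"
        done
    done | sort -u
}

# Compare the key a reinstalled host now carries with its pinned entry.
# Returns 0 = matches, 1 = differs (keys were regenerated, not restored),
# 2 = hostname has no entry in the known_hosts file.
check_host_key() {
    known=$1; host=$2; pub=$3
    pinned=$(awk -v h="$host" '$1 == h { print $2, $3 }' "$known")
    [ -n "$pinned" ] || return 2
    current=$(awk 'NF >= 2 { print $1, $2; exit }' "$pub")
    printf '%s\n' "$pinned" | grep -Fxq -- "$current" || return 1
}

# Constructed sample: two hosts with placeholder blobs (not real keys).
demo=$(mktemp -d)
mkdir -p "$demo/cache/alpha.lab" "$demo/cache/beta.lab"
echo 'ssh-ed25519 CONSTRUCTEDBLOBALPHA root@alpha' \
    > "$demo/cache/alpha.lab/ssh_host_ed25519_key.pub"
echo 'ssh-ed25519 CONSTRUCTEDBLOBBETA root@beta' \
    > "$demo/cache/beta.lab/ssh_host_ed25519_key.pub"
build_known_hosts "$demo/cache" > "$demo/ssh_known_hosts"
cat "$demo/ssh_known_hosts"
```

Installed as /etc/ssh/ssh_known_hosts, the generated file lets clients keep host key checking enabled across reinstalls; a status of 1 from check_host_key means the host came up with fresh keys rather than its cached ones.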