David Brown wrote:
> On Sat, Aug 16, 2008 at 04:38:34PM -0700, James G. Sack (jim) wrote:
>
>> Is there some way to totally ignore hostkey for certain hosts?
>
> Not easily, and it is fairly important from a security point of view
> that you don't do this.
>
> There is a simple solution, copy the same host key to all of the
> multi-boot images that the machine uses. Then, they will each get the
> same key. Just look for the /etc/ssh/ssh_host* files.
>
> It is also possible to put the multiple host keys in your
> ~/.ssh/known_hosts, just have the multiple lines naming the same host.
>
> The old ssh protocol wasn't nearly as strict about checking this, and
> it is _trivial_ to inject a man-in-the-middle attack on an ssh 1
> connection.
>
> Without knowing who you are talking to, the encryption of the
> connection is pointless.
>

I actually know all that (and agree).

My scenario is that I want to use ssh as a better rsh, and transport
tunnel for other apps -- in this case entirely within my LAN. I would
even be happy to turn off encryption.

I also thought of synchronizing the machine hostnames (which seems like
the most appropriate answer), but was looking for a lazier solution. ;-)

I didn't think of the suggestion of multiple entries in known_hosts, but
I think I'll skip that, as it is even more work. ;-)

I suppose the bottom line is I'm trying to use the tool for a different
purpose than intended. OK, fair 'nuff.

Regards,
..jim

--
KPLUG-List@kernel-panic.org
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
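
The "multiple lines naming the same host" option from the quoted reply, as an added example that is not part of the original thread: a simplified model of a known_hosts lookup (not OpenSSH's own code) in which any one matching line accepts the key, while a key that matches no line for a known host is still flagged as changed. The host name, address and key blobs are constructed; hashed host fields and `@revoked` lines go beyond what the thread mentions.

```python
import base64, hashlib, hmac, re

def _glob(pattern, host):
    # known_hosts patterns use only * and ?; brackets are literal ([host]:port)
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, host) is not None

def host_matches(field, host):
    """True if a known_hosts host field (plain patterns or hashed) names host."""
    if field.startswith("|1|"):  # HashKnownHosts form: |1|base64(salt)|base64(hmac-sha1)
        _, _, salt, digest = field.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(digest))
    pats = field.split(",")
    if any(p.startswith("!") and _glob(p[1:], host) for p in pats):
        return False  # a negated pattern vetoes the whole line
    return any(_glob(p, host) for p in pats if not p.startswith("!"))

def check_host_key(known_hosts_text, host, keytype, keyblob):
    """Classify a presented host key as 'ok', 'changed', 'revoked' or 'unknown'."""
    verdict = "unknown"
    for line in known_hosts_text.splitlines():
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        marker = parts.pop(0) if parts[0].startswith("@") else None
        if marker == "@cert-authority" or len(parts) < 3:
            continue  # CA lines are out of scope for this sketch
        field, ktype, blob = parts[:3]
        if not host_matches(field, host):
            continue
        same = ktype == keytype and blob == keyblob
        if marker == "@revoked":
            if same:
                return "revoked"  # revocation wins over any accepting line
        elif same:
            verdict = "ok"  # any one matching line is enough
        elif ktype == keytype and verdict != "ok":
            verdict = "changed"  # host known, but only with other keys of this type
    return verdict

# Constructed sample: one multi-boot machine whose two images have different keys.
KEY_A = "AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyForImageA"
KEY_B = "AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyForImageB"
SAMPLE_KNOWN_HOSTS = f"""\
# constructed entries, not real keys
dualboot.lan,192.168.1.20 ssh-ed25519 {KEY_A} image-a
dualboot.lan,192.168.1.20 ssh-ed25519 {KEY_B} image-b
"""
```

Calling `check_host_key(SAMPLE_KNOWN_HOSTS, "dualboot.lan", "ssh-ed25519", KEY_B)` returns `"ok"` for either image's key, and `"changed"` for any other key of that type, so host key checking stays in force for the multi-boot machine.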