I am testing ssh 1.2.26 on a couple of SGI
IRIX systems; eventually our site plans to use
ssh on all platforms, and disable rsh, rlogin, etc.
Because of a large diverse user community we are
anxious to keep the migration to ssh as trans-
parent as possible. (Links will allow users to
still use rsh, rlogin, etc.)
The problem that I can't get around is the query
from slogin whenever an unknown host is encountered.
This query will cause batch jobs (or 'at' jobs) to fail,
and confuse interactive users who are unfamiliar with
ssh. Of course, we can maintain an /etc/ssh_known_hosts
file which will cut down on the queries.
But what I have found with my testing, is that every
possible designation for a host must be listed before
that hosts public key. Because many platforms with
multiple designations will eventually use ssh, this
will become a big ugly job fast. NIS can be used to
distribute the ssh_known_hosts files, but just
maintaining the master copy will be a burden.
Is there any way around this? Is there a configuration
option that I'm missing?
My impression from reading the ssh manpage is that
being alerted that the target host is unknown is part
of the security of ssh, although if any host recompiles
and re-installs ssh, a new key is created (right?)
so, this query will occur after routine upgrades.
One final thing; I notice that slogin doesn't
cause the /etc/issue message on the target host
to be displayed, whereas rlogin displays this banner.
Thanks in advance for any information.
Mary McCann
=====================================================
Mary McCann Vmail: (301) 572-8901 mbox 5330
Email: [EMAIL PROTECTED]
=====================================================
