A poster on comp.os.linux.misc suggested the following perl script which does what I
wanted
and does it well. I think it's quite a bit more secure than my original attempts to
just
disable SSH's host checking, because I can still verify the authenticity of each ECE
machine
that isn't new.
I had always wondered why the ECS labs didn't employ this kind of strategy for keeping
system
load even, but I think the research it took to get SSH to work well in this situation
may at
least partly be the reason they don't.
------ begin perl script --------------------------
#!/usr/bin/perl -w
use strict;
use Socket;
my(@addrs);
my($dest_name);
my($host) = "snake.ece.ucdavis.edu";
@addrs = (gethostbyname($host))[4];
$dest_name = gethostbyaddr($addrs[0], AF_INET);
exec("ssh @ARGV $dest_name");
------ end perl script ----------------------------
On Tue, 8 Jan 2002 18:34:03 -0800, Ken Bloom <[EMAIL PROTECTED]> wrote:
> On second thought, I think that I'm getting the same IP each time, but different
>host keys
> each time, considering my errors, and considering that I have 'CheckHostIP no' set.
>Error is
> included:
>
> [SNIP ERROR MESSAGE]
>
> There was much rejoicing when Ken Bloom <[EMAIL PROTECTED]> spoke thus:
> > The Electrical and Computer Engineering department has set up a system where, by
>connecting to
> > the address snake.ece.ucdavis.edu, the department hands off connections to the
>least busy HP
> > computer in their lab. I was trying, today to use ssh to connect to these HP
>computers by
> > SSH. The first try, (and some random tries after that), SSH would connect OK. Most
>other
> > times, however, the remote computer would fail the test because I was being handed
>off to a
> > different HP system.
> >
> > I am currently trying to connect using a shell script I created named snake:
> >
> > #! /bin/bash
> > cat > ~/.sshconfig << ENDOFCONFIG
> > StrictHostKeyChecking no
> > CheckHostIP no
> > ENDOFCONFIG
> > ssh -F ~/.sshconfig [EMAIL PROTECTED]
> >
> > (neither of these configuration options seem to be doing the trick, even after I
>deleted the
> > offending key from ~/.ssh/known_hosts)
> >
> > Is there any way to make SSH ignore the tests that it uses to verify host
>authenticity when
> > I connect to snake.ece.ucdavis.edu?
_______________________________________________
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech
