[CentOS] SSH Authenticity Messages... Disable/

Filipe Brandenburger filbranden at gmail.com
Mon Jun 29 16:14:38 UTC 2009


Hi,

On Mon, Jun 29, 2009 at 11:57, Tim Nelson<tnelson at rockbochs.com> wrote:
> I connect to a very large number of new machines with a handful of my CentOS boxen. Whenever I connect to a new host, I *REALLY* would like to *NOT* see the error message such as this:
> The authenticity of host 'w.x.y.z (w.x.y.z)' can't be established.
> RSA key fingerprint is 62:7a:6c:e5:03:f5:47:be:23:a5:c5:e5:c3:60:9b:8d.
> Are you sure you want to continue connecting (yes/no)? yes
> Also, some of these systems are being setup with an automated login system via SSH keys which means I have to manually login to each of the boxes before the automated scripting will work just to clear the 'authenticity' error.
> Is there a way to disable this error/authenticity check globally for a system? I understand it may not be the best practice in terms of security, but for an internal trusted host, I have no reservations making this change.

Yes,

You can do it for one session only (which is convenient for a script) like this:

$ ssh -q -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ...

If you want to do that permanent, you can add the two last options to
/etc/ssh/ssh_config, like this:

    UserKnownHostsFile /dev/null
    StrictHostKeyChecking no

But I don't think you can get the same as the "-q" does, which
suppresses the "Adding key to file..." text on the first login.

In any case, I don't think you should do it globally, but do it using
the long command line on your script only.

I also create a bash alias "qssh" which calls ssh with those options,
which is handy when I'm trying to connect to a machine that I know
will get reinstalled many times (and thus have its private key
changed) and I really don't want to store it in my ~/.ssh/known_hosts.

HTH,
Filipe



More information about the CentOS mailing list