[ale] SSH configuraiton

Jerry Z. Yu z.yu at voicecom.com
Mon Feb 10 12:26:59 EST 2003 

	u r right. openssh's know_hosts is keyed with IP. I was thinking 
about F-secure's ssh1 version, which doesn't have IP keyed into know_hosts 
format.

On Mon, 10 Feb 2003, James P. Kinney III wrote:

#The persistence is due to the remote host IP address changing. Classic
#case: remote host using dynamic DNS listing gets new IP address from
#ISP. Next ssh connection grips about authenticity as the host key is
#good but it is keyed to the IP address.
#
#On Mon, 2003-02-10 at 11:24, Jerry Z. Yu wrote:
#> 	if you really really don't care about host authenticity, you can 
#> set 'StrictHostKeyChecking' to 'no', so ssh can automatically add new 
#> host keys to the user known hosts files.
#> 	 $HOME/.ssh/known_hosts should be persistent. Not sure why/what 
#> you are referring to on its impersistence?
#> 
#> 
#> On Mon, 10 Feb 2003, Jason Day wrote:
#> 
#> #On Mon, Feb 10, 2003 at 10:53:48AM -0500, cfowler wrote:
#> #> I want to configure ssh_config so that the users do not get the
#> #> following message.  I do not care about authenticity of hosts.  I jst
#> #> want encryption.  The ~/.ssh/known_hosts file is not persistent across
#> #> reboots so this message could become a little bit of a pain
#> #
#> #I don't think it can be done without a code change, since that would
#> #defeat most of the point.  You might be able to work around it, though.
#> #You say that ~/.ssh/known_hosts is not persistent, but could you make a
#> #persistent known_hosts file?  If so, you could set the
#> #StrictHostKeyChecking options to "yes" and the UserKnownHostsFile option
#> #to a persistent known_hosts file, which you would have to maintain.  If
#> #the server keys ever change, though, you will have to update the
#> #known_hosts file, or your users won't be able to connect.
#> #
#> #Jason
#> #-- 
#> #Jason Day                                       jasonday at
#> #http://jasonday.home.att.net                    worldnet dot att dot net
#> # 
#> #"Of course I'm paranoid, everyone is trying to kill me."
#> #    -- Weyoun-6, Star Trek: Deep Space 9
#> #_______________________________________________
#> #Ale mailing list
#> #Ale at ale.org
#> #http://www.ale.org/mailman/listinfo/ale
#> #
#> 
#> Jerry Z. Yu				+1-404-487-8544 (O)
#> systems engineer			z.yu at voicecom.com
#> is support, voicecom, llc		www.voicecom.com
#> 
#> _______________________________________________
#> Ale mailing list
#> Ale at ale.org
#> http://www.ale.org/mailman/listinfo/ale
#-- 
#James P. Kinney III          \Changing the mobile computing world/
#CEO & Director of Engineering \          one Linux user         /
#Local Net Solutions,LLC        \           at a time.          /
#770-493-8244                    \.___________________________./
#http://www.localnetsolutions.com
#
#GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
#<jkinney at localnetsolutions.com>
#Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 
#

Jerry Z. Yu				+1-404-487-8544 (O)
systems engineer			z.yu at voicecom.com
is support, voicecom, llc		www.voicecom.com

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale

More information about the Ale mailing list