[clue-tech] ssh, vim helper

Collins Richey crichey at gmail.com
Sat Oct 18 19:43:46 MDT 2008


On Sat, Oct 18, 2008 at 5:39 PM, David L. Anselmi <anselmi at anselmi.us> wrote:
> Collins Richey wrote:
>>
>> On Fri, Oct 17, 2008 at 8:28 AM, Patrick H. <clue at feystorm.net> wrote:
>>>
>>> You can also set "StrictHostKeyChecking no" in /etc/ssh/ssh_config or
>>> ~/.ssh/config
>>> You'll still get a warning, but it won't refuse to let you in the box.
>>
>> We use that a fair amount at work, since we rebuild machines with the
>> same host/ip setting frequently.

Also we use the StrictHostKeyChecking=no option when rsyncing a user's
private data to a replacement machine. ssh has been known to prompt
again for passwords at random times during the copy. It's a real ah
stuff scenario when you start a copy at 5PM and find out the next
morning that this has happened.

>
> Why doesn't your rebuild put the same key on the machine?  You already go
> through the trouble of setting the name and IP.

In most cases the new machine being set up is reusing a hostname/ip
address that was retired some time earlier (interns, left the company,
etc.), and we don't keep track of the old keys. In the other case,
rebuilding a replacement machine for one that has failed, we do retain
the keys.

>
> Do you use /etc/ssh/ssh_known_hosts so users don't have to identify man in
> the middle attacks themselves?
>

In almost all cases our users are internal, behind a firewall, not
visible on the wild and wooly internet.

-- 
Collins Richey
     If you fill your heart with regrets of yesterday and the worries
     of tomorrow, you have no today to be thankful for.
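
An audit for the setting discussed in this thread, as an added example that is not part of the original message: it parses an OpenSSH client config and reports each place `StrictHostKeyChecking` is set to `no` (or its synonym `off`), telling a global setting apart from one scoped to specific `Host` patterns. The sample config and its host names are constructed for illustration.

```python
import re

# Constructed sample of a client config (not taken from the thread).
SAMPLE_CONFIG = """\
# global default placed before any Host line
StrictHostKeyChecking no

Host rebuild-*.example.internal
    StrictHostKeyChecking=no

Host backup.example.internal
    stricthostkeychecking ask
"""

DISABLED = {"no", "off"}  # ssh_config(5) treats "off" as a synonym for "no"

def parse_line(line):
    """Split one ssh_config line into (keyword, value); None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    # Keyword and argument are separated by whitespace or by a single '='.
    m = re.match(r"([A-Za-z]+)(?:\s*=\s*|\s+)(.*)$", line)
    if not m:
        return None
    return m.group(1).lower(), m.group(2).strip().strip('"')

def audit(text):
    """Return (lineno, scope, patterns) wherever host key checking is disabled."""
    findings = []
    patterns = ["*"]  # lines before the first Host block apply to every host
    for lineno, raw in enumerate(text.splitlines(), 1):
        parsed = parse_line(raw)
        if parsed is None:
            continue
        key, value = parsed
        if key == "host":
            patterns = value.split()
        elif key == "match":
            patterns = ["*"] if value.lower() == "all" else ["match " + value]
        elif key == "stricthostkeychecking" and value.lower() in DISABLED:
            scope = "global" if "*" in patterns else "scoped"
            findings.append((lineno, scope, patterns))
    return findings

if __name__ == "__main__":
    for lineno, scope, patterns in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: checking disabled ({scope}): {' '.join(patterns)}")
```

Run it over `/etc/ssh/ssh_config` and each user's `~/.ssh/config` by passing the file contents to `audit()`; a "global" finding means every destination, not only the rebuilt machines, is accepted with a changed key.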

