SSH Host Keys... Avoiding interaction when there is a key change...

Alvaro Herrera alvherre at alvh.no-ip.org
Wed Sep 13 22:11:06 CLT 2006


Andrés Ruz Salinas wrote:
> And how can I avoid it, so that I don't have to answer "yes" every time
> there is an IP change?
> 
> I need to do this because I am running the "rsync" application over SSH
> from cron, and if the "fingerprint" changes I have to interact in the way
> already mentioned, and as you know, that makes no sense, since these are
> supposed to be scheduled tasks that need no user interaction.
> 
> Any suggestions or solutions?

One suggestion: RTFM.

An excerpt from the FM, ssh_config(5):

     StrictHostKeyChecking
             If this flag is set to ``yes'', ssh will never automatically add
             host keys to the ~/.ssh/known_hosts file, and refuses to connect
             to hosts whose host key has changed.  This provides maximum pro-
             tection against trojan horse attacks, however, can be annoying
             when the /etc/ssh/ssh_known_hosts file is poorly maintained, or
             connections to new hosts are frequently made.  This option forces
             the user to manually add all new hosts.  If this flag is set to
             ``no'', ssh will automatically add new host keys to the user
             known hosts files.  If this flag is set to ``ask'', new host keys
             will be added to the user known host files only after the user
             has confirmed that is what they really want to do, and ssh will
             refuse to connect to hosts whose host key has changed.  The host
             keys of known hosts will be verified automatically in all cases.
             The argument must be ``yes'', ``no'' or ``ask''.  The default is
             ``ask''.


-- 
Alvaro Herrera                 http://www.amazon.com/gp/registry/CTMLCN8V17R4
This mail is delivered guaranteed 100% sarcasm-free.
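
Added example, not part of the original message: an ssh_config sketch for the unattended rsync-over-SSH cron job from the question, showing the setting that silences the prompt beside a variant that pins one verified host key. The host names, file paths and the alias `backup-server` are placeholders assumed for illustration.

```sshconfig
# ~/.ssh/config of the account that runs the cron job.
# Host names, paths and the alias below are placeholders (assumptions).

# Weak: per the ssh_config(5) excerpt above, "no" adds new host keys
# automatically, so the first key seen for a new name or address is
# trusted without anyone having verified it.
Host backup-unchecked
    HostName backup.example.org
    StrictHostKeyChecking no

# Pinned: the job trusts exactly one key that was verified beforehand.
Host backup
    HostName backup.example.org
    # Fail instead of prompting; cron has no terminal to answer "yes".
    BatchMode yes
    # Never add keys automatically; refuse unknown or changed keys.
    StrictHostKeyChecking yes
    # Dedicated file holding only the server's verified public host key,
    # stored under the name given by HostKeyAlias.
    UserKnownHostsFile ~/.ssh/known_hosts.backup
    # Look the key up under a fixed name, so a change of the server's
    # IP address does not produce a new, unknown entry.
    HostKeyAlias backup-server
    # Do not additionally check the IP address against known_hosts.
    CheckHostIP no
```

The file `~/.ssh/known_hosts.backup` would hold a single line of the form `backup-server <key type> <public key>`, copied from the server's own host public key file over a trusted channel; the cron job then refers to the host as `backup`.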

