[wellylug] Disabling SSH remote host identification temporarily

David Antliff dave.antliff at paradise.net.nz
Thu Oct 27 15:00:42 NZDT 2005



On Thu, 27 Oct 2005, Andrew Stephen wrote:
> The client should not ever ignore this silently otherwise you'd be
> open to Man In The Middle (MITM) attacks[1].  Even if there is an
> option to turn off the warning I suggest you don't use it.

Andrew, thank you for your comments - however I am quite aware of the 
implications of a MITM attack. In this case, however, I've made it very 
clear that I *do* want the client to ignore the warning in this specific 
instance - I don't mind it being displayed to the user but I would quite 
like the client to continue and connect anyway (esp. since both hosts are 
on the same LAN and both are 'trusted').

> The StrictHostKeyChecking option allows you to "warn but allow" (no)
> or "warn and disallow" (yes) attempts to connect to servers whose keys
> have changed.

Well, that may be so but as per my original email It Doesn't Work Like 
That For Me. It warns and disallows regardless, it seems. If it would warn 
and allow then I'd be happy and my problem would be solved.


> The best option is to copy the host keys as Grant suggests.  Another
> possibility would be to have Gentoo and that other OS configured with
> different IP addresses though this may not be easy if you use DHCP
> locally.

See previous email about client vs. server changes. Different IP addresses 
is an interesting idea (or even just different hostnames, since I think 
ssh stores those rather than the resolved IP addresses).

Incidentally I have found the behaviour is different depending on whether 
the authentication is via public key or password. Public key is 'warn and 
allow' and password is 'warn and disallow' it seems, and no options I've 
tried seem to change this. I thought I was using public key in the 
original email but in fact I wasn't.

Thanks,

-- 
David.
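One way to keep host-key checking on for the dual-boot case discussed above, as an added example rather than anything from this thread: give each OS its own HostKeyAlias in the client's ssh_config, so the two host keys are stored under different names and never collide. The address 192.0.2.10, the alias names and the config path are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Instead of StrictHostKeyChecking=no
# (which silences the very MITM signal the thread is about), keep checking
# on and give each OS of the dual-boot box its own known_hosts identity.
# Assumptions: address 192.0.2.10 (documentation range), aliases box-gentoo
# and box-other, and an OpenSSH client that honours HostKeyAlias.

# Emit one Host stanza. HostKeyAlias makes ssh look up and save the host key
# under the alias instead of the address, so two keys for one address coexist.
emit_host_stanza() {
    alias="$1"; addr="$2"
    printf 'Host %s\n    HostName %s\n    HostKeyAlias %s\n    StrictHostKeyChecking yes\n\n' \
        "$alias" "$addr" "$alias"
}

# Write a config covering both OS images of the same machine.
# Afterwards: "ssh box-gentoo" / "ssh box-other"; each asks once on first
# contact, then the key is pinned under its alias. If one OS is legitimately
# reinstalled, "ssh-keygen -R box-gentoo" drops only that alias's entry.
write_dualboot_config() {
    cfg="$1"; addr="$2"
    {
        echo "# Dual-boot box: one address, two host keys, kept apart by HostKeyAlias."
        emit_host_stanza box-gentoo "$addr"
        emit_host_stanza box-other  "$addr"
    } > "$cfg"
}

# Sanity check: every stanza pointing at the address must carry a distinct
# HostKeyAlias, and none may weaken StrictHostKeyChecking. Returns 0 if OK.
check_dualboot_config() {
    cfg="$1"; addr="$2"
    hosts=$(grep -cF "    HostName $addr" "$cfg")
    aliases=$(grep '^    HostKeyAlias ' "$cfg" | sort -u | wc -l | tr -d ' ')
    [ "$hosts" -eq "$aliases" ] || return 1
    ! grep -q 'StrictHostKeyChecking no' "$cfg"
}
```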
