From owner-freebsd-questions@FreeBSD.ORG Fri Apr 25 16:25:25 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 98918106564A for ; Fri, 25 Apr 2008 16:25:25 +0000 (UTC) (envelope-from mexas@bristol.ac.uk) Received: from dirg.bris.ac.uk (dirg.bris.ac.uk [137.222.10.102]) by mx1.freebsd.org (Postfix) with ESMTP id 3D86E8FC0A for ; Fri, 25 Apr 2008 16:25:25 +0000 (UTC) (envelope-from mexas@bristol.ac.uk) Received: from seis.bris.ac.uk ([137.222.10.93]) by dirg.bris.ac.uk with esmtp (Exim 4.69) (envelope-from ) id 1JpQTw-00007n-Jb for freebsd-questions@freebsd.org; Fri, 25 Apr 2008 17:09:10 +0100 Received: from mech-aslap33.men.bris.ac.uk ([137.222.184.33]) by seis.bris.ac.uk with esmtp (Exim 4.67) (envelope-from ) id 1JpQUW-0005bv-C6 for freebsd-questions@freebsd.org; Fri, 25 Apr 2008 17:09:40 +0100 Received: from mech-aslap33.men.bris.ac.uk (localhost [127.0.0.1]) by mech-aslap33.men.bris.ac.uk (8.14.2/8.14.2) with ESMTP id m3PG9e3I010020 for ; Fri, 25 Apr 2008 17:09:40 +0100 (BST) (envelope-from mexas@bristol.ac.uk) Received: (from mexas@localhost) by mech-aslap33.men.bris.ac.uk (8.14.2/8.14.2/Submit) id m3PG9eoD010019 for freebsd-questions@freebsd.org; Fri, 25 Apr 2008 17:09:40 +0100 (BST) (envelope-from mexas@bristol.ac.uk) X-Authentication-Warning: mech-aslap33.men.bris.ac.uk: mexas set sender to mexas@bristol.ac.uk using -f Date: Fri, 25 Apr 2008 17:09:39 +0100 From: Anton Shterenlikht To: freebsd-questions@freebsd.org Message-ID: <20080425160939.GA9863@mech-aslap33.men.bris.ac.uk> Mail-Followup-To: freebsd-questions@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.4.2.3i X-Spam-Score: -1.4 X-Spam-Level: - Subject: ssh StrictHostKeyChecking=no refuse connection when key changed X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 25 Apr 2008 16:25:25 -0000 Is it normal that StrictHostKeyChecking=no in .ssh/config still refuses ssh connection when host ID has changed. I've a setup in which host ids change frequently. How can I setup ssh so that it ignores key change. % ssh -oPort=xxxxx xx.xx.xx.xx @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the DSA host key has just been changed. The fingerprint for the DSA key sent by the remote host is [skip] Please contact your system administrator. Add correct host key in /home/mexas/.ssh/known_hosts to get rid of this message. Offending key in /home/mexas/.ssh/known_hosts:1 Password authentication is disabled to avoid man-in-the-middle attacks. Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks. Permission denied (publickey,password). % many thanks anton -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 928 8233 Fax: +44 (0)117 929 4423