From owner-freebsd-questions@FreeBSD.ORG Fri Jun 27 11:21:21 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 6B8781065670 for ; Fri, 27 Jun 2008 11:21:21 +0000 (UTC) (envelope-from mexas@bristol.ac.uk) Received: from dirj.bris.ac.uk (dirj.bris.ac.uk [137.222.10.78]) by mx1.freebsd.org (Postfix) with ESMTP id 31D7F8FC0C for ; Fri, 27 Jun 2008 11:21:21 +0000 (UTC) (envelope-from mexas@bristol.ac.uk) Received: from isis.bris.ac.uk ([137.222.10.63]) by dirj.bris.ac.uk with esmtp (Exim 4.69) (envelope-from ) id 1KCC0z-0002GL-W4; Fri, 27 Jun 2008 12:21:20 +0100 Received: from mech-aslap33.men.bris.ac.uk ([137.222.184.33]) by isis.bris.ac.uk with esmtp (Exim 4.67) (envelope-from ) id 1KCC0z-0004PO-79; Fri, 27 Jun 2008 12:21:17 +0100 Received: from mech-aslap33.men.bris.ac.uk (localhost [127.0.0.1]) by mech-aslap33.men.bris.ac.uk (8.14.2/8.14.2) with ESMTP id m5RBLGTu011124; Fri, 27 Jun 2008 12:21:16 +0100 (BST) (envelope-from mexas@bristol.ac.uk) Received: (from mexas@localhost) by mech-aslap33.men.bris.ac.uk (8.14.2/8.14.2/Submit) id m5RBLGp8011123; Fri, 27 Jun 2008 12:21:16 +0100 (BST) (envelope-from mexas@bristol.ac.uk) X-Authentication-Warning: mech-aslap33.men.bris.ac.uk: mexas set sender to mexas@bristol.ac.uk using -f Date: Fri, 27 Jun 2008 12:21:16 +0100 From: Anton Shterenlikht To: Mike Clarke Message-ID: <20080627112116.GA11096@mech-aslap33.men.bris.ac.uk> Mail-Followup-To: Mike Clarke , freebsd-questions@freebsd.org References: <20080425160939.GA9863@mech-aslap33.men.bris.ac.uk> <20080428093759.GA71558@mech-aslap33.men.bris.ac.uk> <200804281131.35233.jmc-freebsd@milibyte.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200804281131.35233.jmc-freebsd@milibyte.co.uk> User-Agent: Mutt/1.4.2.3i X-Spam-Score: -1.4 X-Spam-Level: - Cc: freebsd-questions@freebsd.org Subject: Re: ssh StrictHostKeyChecking=no refuse connection when key changed X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Jun 2008 11:21:21 -0000 On Mon, Apr 28, 2008 at 11:31:34AM +0100, Mike Clarke wrote: > On Monday 28 April 2008, Anton Shterenlikht wrote: > > > This works fine until Node1 is down, in which case the cluster > > software directs all connections to 10.10.10.1 to Node2. Since > > its key doesn't match what's in known_hosts, the connection is > > refused. > > > > At present I tune the VMS cluster and reboot individual nodes > > frequently. I'd like to be able to tell ssh to ignore key mismatch > > at this stage. > > Just a quick, and untested, thought. Could you use the same key files on > all the nodes in the cluster? It might work unless ssh on the local > machine objects to machines having identical keys in the known_hosts > file. Mike I quite forgot to reply to this. YOu are right, of course. I thought a bit about the whole idea of sharing system files in a VMS cluster and realised that the keys must be identical. All I did was to point each cluster node to the same key file. All is fine now. Yes, known_hosts has 6 identical keys for 6 different ip addresses, and ssh doesn't complain. many thanks anton -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 928 8233 Fax: +44 (0)117 929 4423