From owner-freebsd-questions@FreeBSD.ORG  Mon Apr 28 10:31:40 2008
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 2332D1065687
	for <freebsd-questions@freebsd.org>;
	Mon, 28 Apr 2008 10:31:40 +0000 (UTC)
	(envelope-from jmc-freebsd@milibyte.co.uk)
Received: from ptb-relay02.plus.net (ptb-relay02.plus.net [212.159.14.213])
	by mx1.freebsd.org (Postfix) with ESMTP id DAC898FC1F
	for <freebsd-questions@freebsd.org>;
	Mon, 28 Apr 2008 10:31:39 +0000 (UTC)
	(envelope-from jmc-freebsd@milibyte.co.uk)
Received: from [84.92.153.232] (helo=kestrel.milibyte.co.uk)
	by ptb-relay02.plus.net with esmtp (Exim) id 1JqQe0-0007A3-VG;
	Mon, 28 Apr 2008 11:31:37 +0100
Received: by kestrel.milibyte.co.uk with local (Exim 4.69)
	(envelope-from <jmc-freebsd@milibyte.co.uk>)
	id 1JqQdz-000NaU-M8; Mon, 28 Apr 2008 11:31:36 +0100
From: Mike Clarke <jmc-freebsd@milibyte.co.uk>
To: freebsd-questions@freebsd.org
Date: Mon, 28 Apr 2008 11:31:34 +0100
User-Agent: KMail/1.9.7
References: <20080425160939.GA9863@mech-aslap33.men.bris.ac.uk>
	<EA92F240-7932-42CB-A669-F63942EDD3D4@mac.com>
	<20080428093759.GA71558@mech-aslap33.men.bris.ac.uk>
In-Reply-To: <20080428093759.GA71558@mech-aslap33.men.bris.ac.uk>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200804281131.35233.jmc-freebsd@milibyte.co.uk>
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: jmc-freebsd@milibyte.co.uk
X-SA-Exim-Scanned: No (on kestrel.milibyte.co.uk);
	SAEximRunCond expanded to false
X-Plusnet-Relay: 79f90c7a1e5798c51df21504d32453b9
Cc: Anton Shterenlikht <mexas@bristol.ac.uk>
Subject: Re: ssh StrictHostKeyChecking=no refuse connection when key changed
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 28 Apr 2008 10:31:40 -0000

On Monday 28 April 2008, Anton Shterenlikht wrote:

> This works fine until Node1 is down, in which case the cluster
> software directs all connections to 10.10.10.1 to Node2. Since
> its key doesn't match what's in known_hosts, the connection is
> refused.
>
> At present I tune the VMS cluster and reboot individual nodes
> frequently. I'd like to be able to tell ssh to ignore key mismatch
> at this stage.

Just a quick, and untested, thought. Could you use the same key files on 
all the nodes in the cluster? It might work unless ssh on the local 
machine objects to machines having identical keys in the known_hosts 
file.

-- 
Mike Clarke