Bypass known_hosts file



I have a four node cluster running Solaris zones

In this setup I need to have a user that will be logging into a global IP
from a zone, which at any time can be on any node within the cluster.

I have set up the initial authorized_key file to allow the user to ssh
to the global IP and it logs in no problem.

The problem is when the global IP resides on a different node within
the cluster.

I get the "MAN IN THE MIDDLE ATTACK" message because the known_hosts file
contains a different string.

My question is: is there a way to bypass the known_hosts file and tell
ssh to just look to see if the authorized_key is there and, if so, log
in without a password?

Am I way off the mark here ?

Cheers for any replies.


Re: Bypass known_hosts file


Just an update on progress.

I can bypass the known_hosts file with -o UserKnownHostsFile=/dev/null

However, it is now prompting for yes/no on connect, how do I avoid
this ?

Any help is appreciated !

Re: Bypass known_hosts file


-q option does the trick.

Thanks for all the help guys..



Re: Bypass known_hosts file

Zfs.. wrote:

It might be better to use the same /etc/ssh/ssh_host_key* on all
servers? There would not be the danger of a man in the middle attack.


Re: Bypass known_hosts file


You can tell the known_hosts file that each of the nodes can host the
global IP.

So if you had this:
node1 ssh-dss AAA...x1
node2 ssh-dss
node3 ssh-dss AAA...8s
node4 ssh-dss AAA...GG

Change it to:
node1,global ssh-dss AAA...x1
node2,global ssh-dss
node3,global ssh-dss AAA...8s
node4,global ssh-dss AAA...GG

Then when you do 'ssh global', the IP can be on any of the four nodes
and ssh verifies that.
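The known_hosts alias approach described in this reply keeps host key verification in place, unlike UserKnownHostsFile=/dev/null with -q, which only silences the warning. The following shell function is an added example, not code from the thread: it appends an alias (the cluster's global IP or name) to the known_hosts line of each listed node, skips lines that already carry the alias, and leaves every other line untouched. The function name add_host_alias and the sample entries in the comments are assumptions constructed for this example.

```shell
#!/bin/sh
# add_host_alias ALIAS KNOWN_HOSTS_FILE NODE...
#
# For every NODE given, find the known_hosts line whose host field
# (first field, possibly a comma-separated list) contains NODE and add
# ",ALIAS" to that host field, so "ssh ALIAS" accepts that node's key.
# Lines that already list ALIAS, comment lines and blank lines pass
# through unchanged.
#
# Example (constructed entries; the keys are placeholders):
#   node1 ssh-dss AAA...x1      ->  node1,global ssh-dss AAA...x1
#   node3 ssh-dss AAA...8s      ->  node3,global ssh-dss AAA...8s
add_host_alias() {
    alias_name=$1
    file=$2
    shift 2
    for node in "$@"; do
        awk -v n="$node" -v a="$alias_name" '
            {
                # Split the host field on commas and look for node/alias.
                cnt = split($1, parts, ",")
                has_node = 0
                has_alias = 0
                for (i = 1; i <= cnt; i++) {
                    if (parts[i] == n) has_node = 1
                    if (parts[i] == a) has_alias = 1
                }
                # Only rewrite the host field when the node is listed and
                # the alias is not yet present (keeps the function idempotent).
                if (has_node && !has_alias) $1 = $1 "," a
                print
            }' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    done
}

# Usage (assumed paths):
#   add_host_alias global ~/.ssh/known_hosts node1 node2 node3 node4
```

After running it, `ssh-keygen -F global -f ~/.ssh/known_hosts` lists every node key now trusted for the global name. Note that this only works on plain-text entries; if HashKnownHosts is enabled the host field is a hash and the alias must instead be added with `ssh-keyscan` or by accepting the key once per node.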


Re: Bypass known_hosts file


Give them all the same private and public SSH keys. Problem solved.
