Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- peter pilsl
June 3, 2009, 8:07 am
rate this thread
I use ssh for communication between all my servers I and I love
StrictHostChecking cause it makes me feel secure.
But frequently I would really prefer to disable it for a single-session
in the following scenario:
* one of the servers in the local LAN goes down and needs to be fixed
* I boot with a linux-rescue-disk and the server fetches its IP via DHCP
which is the same IP that the original server has
* I try to access this linux-rescue-booted-server from my comfy
workplace and I cannot do it because the host-key has changed
Removing the hostkey on my comfy workplace is bad cause I would need to
put it back later and thats more work then I want to invest. Usually I
just remove it and let ssh add it later which actually weakens my
securityy cause a possible attacker could choose this very moment to
perform a ManInTheMiddle-attack.
ssh -o "StrictHostKeyChecking no" -o "PasswordAuthentication yes"
but it doesnt work:
Offending key in /home/peter/.ssh/known_hosts:10
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid
Permission denied (publickey,password).
And my standard-rescue-disk has ssh enabled but no public key installed.
Re: temporarily disable StrictHostChecking an allow passwordauth via keyboard?
Right. Because "StrictHostKeyChecking" only affects whether keys are
added to the known_hosts file. It doesn't affect existing keys.
Change the known_hosts file temporarily so there is no existing key.
Or put all that into a config file and use that alternate config file:
ssh -F insecure_config <temphost>
If you use a global known_hosts file rather than just the per-user one,
you'll need to override it as well.
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum