No strict host checking is different that what i was looking for. I want to be prompted on key change, that is different from initial key acceptance. Blindly accepting all keys is considerably more dangerous than blindly accepting the first key. I looked at the ssh source and it requires a patch do do what I'm thinking.
Sent from my mobile On Jan 1, 2011, at 3:00 AM, [email protected] wrote: > Forum: Cfengine Help > Subject: Re: Cfengine Help: Re: Cfengine Help: How to configure a client > machine to contact the policy server and downloads updates? > Author: phnakarin > Link to topic: https://cfengine.com/forum/read.php?3,19909,20004#msg-20004 > > Nick Anderson Wrote: > ------------------------------------------------------- >> That brings up the question how can I instruct SSH >> to automatically save >> a host fingerprint on initial connection. > > The key is StrictHostKeyChecking inside the ssh_config. The default behaviour > is to "ask" so > > (1) you might want to change it to "no" (/etc/ssh/ssh_config) to accept new > host keys to the user known hosts files. > (2) create you own ~/.ssh/config to override the global parameter > (3) run ssh with the option. > $ ssh account@ -o StrictHostKeyChecking=no > > Cheers, > --Nakarin > > _______________________________________________ > Help-cfengine mailing list > [email protected] > https://cfengine.org/mailman/listinfo/help-cfengine _______________________________________________ Help-cfengine mailing list [email protected] https://cfengine.org/mailman/listinfo/help-cfengine
