
Putty: StrictHostKeyChecking

6,254 views

mk_g...@yahoo.com

May 24, 2009, 8:37:48 PM
How do I set StrictHostKeyChecking=no when I use Putty? Do I have to
load Cygwin and run SSH to do this?

Jacob Nevins

May 26, 2009, 8:07:59 AM
mk_g...@yahoo.com writes:
>How do I set StrictHostKeyChecking=no when I use Putty? Do I have to
>load Cygwin and run SSH to do this?

StrictHostKeyChecking is an OpenSSH-specific configuration option. I'm
assuming that the aspect of its behaviour that you're after in PuTTY
is the automatic acceptance of unknown host keys.

This isn't possible in PuTTY. This entry in the PuTTY FAQ is relevant:

A.2.9 Is there an option to turn off the annoying host key prompts?

No, there isn't. And there won't be. Even if you write it yourself
and send us the patch, we won't accept it.

Those annoying host key prompts are the _whole point_ of SSH.
Without them, all the cryptographic technology SSH uses to secure
your session is doing nothing more than making an attacker's job
slightly harder; instead of sitting between you and the server with
a packet sniffer, the attacker must actually subvert a router and
start modifying the packets going back and forth. But that's not all
that much harder than just sniffing; and without host key checking,
it will go completely undetected by client or server.

Host key checking is your guarantee that the encryption you put on
your data at the client end is the _same_ encryption taken off the
data at the server end; it's your guarantee that it hasn't been
removed and replaced somewhere on the way. Host key checking makes
the attacker's job _astronomically_ hard, compared to packet
sniffing, and even compared to subverting a router. Instead of
applying a little intelligence and keeping an eye on Bugtraq, the
attacker must now perform a brute-force attack against at least one
military-strength cipher. That insignificant host key prompt really
does make _that_ much difference.

If you're having a specific problem with host key checking - perhaps
you want an automated batch job to make use of PSCP or Plink, and
the interactive host key prompt is hanging the batch process - then
the right way to fix it is to add the correct host key to the
Registry in advance. That way, you retain the _important_ feature of
host key checking: the right key will be accepted and the wrong ones
will not. Adding an option to turn host key checking off completely
is the wrong solution and we will not do it.

If you have host keys available in the common known_hosts format, we
have a script called kh2reg.py[1] to convert them to a Windows .REG
file, which can be installed ahead of time by double-clicking or
using REGEDIT.

[1] <http://svn.tartarus.org/sgt/putty/contrib/kh2reg.py?view=markup>

<http://www.chiark.greenend.org.uk/~sgtatham/putty/faq.html#faq-hostkeys>

Per Hedeland

May 28, 2009, 6:25:29 PM
In article <lek*NB...@news.chiark.greenend.org.uk> Jacob Nevins
<jac...@chiark.greenend.org.uk> writes:
>mk_g...@yahoo.com writes:
>>How do I set StrictHostKeyChecking=no when I use Putty? Do I have to
>>load Cygwin and run SSH to do this?
>
>StrictHostKeyChecking is an OpenSSH-specific configuration option. I'm
>assuming that the aspect of its behaviour that you're after in PuTTY
>is the automatic acceptance of unknown host keys.
>
>This isn't possible in PuTTY. This entry in the PuTTY FAQ is relevant:

Well, the FAQ entry seems to be talking about turning off host key
checking completely, which is *never* an aspect of the behaviour of
StrictHostKeyChecking - a key mismatch will always unconditionally abort
the connection; you don't even get a chance to say "yes".

I.e. even if you have StrictHostKeyChecking=no, the potential attacker
must not "just" subvert a router, he must already have it subverted
*and* target your very first connection to a previously unknown host.

I fully understand how accepting unknown keys at all is a problem, but I
suspect that if the original ssh implementation had required
pre-configured keys, ssh would have remained an exotic technology of
mainly academic interest, instead of becoming the ubiquitous standard
that it is today. Making the equivalent of StrictHostKeyChecking=ask the
default was exactly the right tradeoff decision IMHO.

--Per Hedeland
p...@hedeland.org

steve....@gmail.com

May 15, 2018, 11:24:41 AM
The problem is with the way you use the registry to store keys. I can't make a cluster like I can in openssh. When I connect to a round-robin cluster I get a new host-key every time and I can't automate the connection. I need to either disable host key checking or be able to put in a cluster of host keys.

Simon Tatham

May 15, 2018, 2:52:15 PM
<steve....@gmail.com> wrote:
> When I connect to a round-robin cluster I get a new host-key every
> time and I can't automate the connection. I need to either disable
> host key checking or be able to put in a cluster of host keys.

You can manually configure a cluster of host keys. Look in the SSH >
Host keys panel.
--
import hashlib; print((lambda p,q,g,y,r,s,m: (lambda w:(pow(g,int(hashlib.sha1(
m.encode('ascii')).hexdigest(),16)*w%q,p)*pow(y,r*w%q,p)%p)%q)(pow(s,q-2,q))==r
and m)(0xb80b5dacabab6145,0xf70027d345023,0x7643bc4018957897,0x11c2e5d9951130c9
,0xa54d9cbe4e8ab,0x746c50eaa1910, "Simon Tatham <ana...@pobox.com>" ))
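The two points argued in this thread, that StrictHostKeyChecking=no only changes what happens for a *previously unknown* host while a mismatch is still refused (Per Hedeland's reply), and that a round-robin name needs several pre-configured keys rather than checking turned off (Simon Tatham's reply), can be made concrete with a small model of the decision logic. This is an added example written for this page, not code from PuTTY or OpenSSH; the store, policy names and fingerprints are constructed, and "yes"/"ask"/"no" follow the semantics as the thread describes them.

```python
from dataclasses import dataclass, field

ACCEPT, REJECT, PROMPT = "accept", "reject", "prompt"


@dataclass
class HostKeyStore:
    """Known-hosts database: host name -> set of accepted key fingerprints.

    Several fingerprints per host is the "cluster of host keys" a round-robin
    DNS name needs (PuTTY keeps the same information in the Registry; OpenSSH
    keeps it in known_hosts).  Fingerprint strings here are constructed.
    """
    keys: dict = field(default_factory=dict)

    def trust(self, host, fingerprint):
        self.keys.setdefault(host, set()).add(fingerprint)


def check_host_key(store, host, fingerprint, policy):
    """Decide what to do with the key a server presented for `host`.

    policy models StrictHostKeyChecking as discussed in the thread:
      "yes": only pre-configured keys are accepted; unknown hosts are refused
      "ask": unknown hosts prompt the user; a mismatch is refused
      "no" : unknown hosts are accepted and recorded (trust on first use);
             a mismatch against a recorded key is *still* refused
    """
    known = store.keys.get(host)
    if known is not None:
        # A host we already have keys for: the key must be one of them,
        # whatever the policy says about unknown hosts.
        return ACCEPT if fingerprint in known else REJECT
    if policy == "yes":
        return REJECT
    if policy == "ask":
        return PROMPT
    store.trust(host, fingerprint)  # first key seen becomes the trusted one
    return ACCEPT


def cluster_demo():
    """Pre-configure all node keys of a round-robin name, then connect."""
    store = HostKeyStore()
    for node_fp in ("SHA256:node1", "SHA256:node2", "SHA256:node3"):
        store.trust("cluster.example", node_fp)
    # Every real node is accepted under strict checking; a fourth key
    # (an impostor, or a node whose key was never installed) is not.
    return [check_host_key(store, "cluster.example", fp, "yes")
            for fp in ("SHA256:node2", "SHA256:node3", "SHA256:rogue")]
```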