Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How do Iput the ssh-rsa key of remote machine in my known_hosts file

1 view
Skip to first unread message

Ramprasad

unread,
Mar 6, 2006, 10:22:00 AM3/6/06
to
Hi,
I want to automate ssh login. The remote server already contains the
rsa key of my client machine
So the only part left out is bypassing the yes/no prompt

The authenticity of host '192.168.2.215 (192.168.2.215)' can't be
established.
RSA key fingerprint is 8a:76:65:ff:66:13:ae:46:8b:83:5e:c4:a6:ef:33:e8.
Are you sure you want to continue connecting (yes/no)?

I dont want this prompt. Can I disable this , or can I put the remote
servers hostkey in my known_hosts automatically

Thanks
Ram

Chuck

unread,
Mar 6, 2006, 3:51:12 PM3/6/06
to

The only times you should see this are:

(1) the first time you ever connect to the server
(2) the first time you connect after the admin has generated a new key
pair (and there's usually no reason for him to do this)

The warning is there as a protection against spoof attacks where one
server is masquerading as another. If you are seeing this and neither 1
or 2 is true, you may be encountering such an attack.

--
To reply by email remove "_nospam"

Mark Rafn

unread,
Mar 6, 2006, 6:26:20 PM3/6/06
to
Ramprasad <rampra...@gmail.com> wrote:
>The authenticity of host '192.168.2.215 (192.168.2.215)' can't be
>established.
>RSA key fingerprint is 8a:76:65:ff:66:13:ae:46:8b:83:5e:c4:a6:ef:33:e8.
>Are you sure you want to continue connecting (yes/no)?

Ok, this is the first time you've connected to 192.168.2.215. If this isn't
the first time, something strange is going on, which you should fix.

>I dont want this prompt. Can I disable this , or can I put the remote
>servers hostkey in my known_hosts automatically

Connect to the host once, it should be added and you won't be asked again.
You can create the line in .ssh/known_hosts by hand, but it's going to be
easier to just connect and add it.

I don't know of any way to disable it, though it may be possible in some ssh
clients. If you specify what client you're using, someone may have more
specific advice.

Ramprasad

unread,
Mar 7, 2006, 1:21:11 AM3/7/06
to
Yes it is the first time.
The SSH server is a freshly installed machine, where I have to run
my automated tests.
Can you please tell me how do I create .ssh/known_hosts by hand ( or
by a perl/shell script :-) )

Thanks
Ram

Darren Tucker

unread,
Mar 7, 2006, 7:38:08 AM3/7/06
to
On 2006-03-06, Ramprasad <rampra...@gmail.com> wrote:
> I want to automate ssh login. The remote server already contains the
> rsa key of my client machine
> So the only part left out is bypassing the yes/no prompt
>
> The authenticity of host '192.168.2.215 (192.168.2.215)' can't be
> established.
> RSA key fingerprint is 8a:76:65:ff:66:13:ae:46:8b:83:5e:c4:a6:ef:33:e8.
> Are you sure you want to continue connecting (yes/no)?

If you're using OpenSSH (looks like it) then you can use

ssh -o StrictHostKeyChecking=no yourserver

or put the equivalent in one of the config files. See ssh_config(5)
for the details.

(Others have mentioned upthread the dangers of doing this, but since
you're testing freshly built machines then there's probably no way to
know the keys beforehand. If you'll positively never have any long
term use for the keys then you can add "UserKnownHostsFile /dev/null"
to prevent them from being stored.)

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Richard E. Silverman

unread,
Mar 12, 2006, 9:44:53 PM3/12/06
to

ssh_config(5), "StrictHostKeyChecking"

--
Richard Silverman
r...@qoxp.net

0 new messages