ssh confusion

Lisa Kachold lisakachold at obnosis.com
Mon Dec 3 15:20:12 MST 2012


You could even add a bash alias for this:

/home/yourlogin/.bashrc

alias ssh="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"

You can also try this first from your shell (without editing the bashrc
file):

alias ssh="ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no"

When you log out of bash it will not persist, but it's a great way for a
quick test.


On Mon, Dec 3, 2012 at 3:06 PM, James Mcphee <jmcphe at gmail.com> wrote:

> We tend to reuse hosts names on our cloud, so I have a little script that
> contains the following lines to bypass strict host checking.
> ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no $@
> Yes it's terrible, but I'm very lazy.
>
>
> On Mon, Dec 3, 2012 at 1:47 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:
>
>> What are the permissions on your .ssh directory?
>> On 3 Dec 2012 13:44, "Lisa Kachold" <lisakachold at obnosis.com> wrote:
>>
>>> Larry.
>>>
>>> The key and location are specified in the /etc/ssh/sshd_config file.
>>> But that will no doubt just give the same error.
>>>
>>> Are the machines specified in /etc/hosts hosts.deny and hosts.allow?
>>> On 2 Dec 2012 22:18, "Dazed_75" <lthielster at gmail.com> wrote:
>>>
>>>>
>>>>
>>>> On Sat, Dec 1, 2012 at 5:59 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:
>>>>
>>>>> Hi Larry,
>>>>>
>>>>>
>>>>> On Fri, Nov 30, 2012 at 8:56 PM, Dazed_75 <lthielster at gmail.com> wrote:
>>>>>
>>>>>>
>>>>>>
>>>>>> On Fri, Nov 30, 2012 at 5:29 PM, der.hans <PLUGd at lufthans.com> wrote:
>>>>>>
>>>>>>> On 30 Nov 2012, Dazed_75 chatted thus:
>>>>>>>
>>>>>>> hello hello,
>>>>>>>
>>>>>>>
>>>>>>>> Interesting.  I deleted entry 8 and then ssh'd to lapdog0 with no
>>>>>>>> complaint.  Logged out, rebooted that machine to Mint and then ssh'd
>>>>>>>> into lapdog1 and that complained about the new entry 23 for lapdog0.
>>>>>>>>
>>>>>>>
>>>>>>> Yeah, line 8 was probably your old entry for lapdog2.
>>>>>>
>>>>>>
>>>>>> Yes, I said so in the first post.
>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> It appears that ssh will make an entry in known_hosts for each IP and
>>>>>>>> something (host name, kernel, tennis ball) combination, but only
>>>>>>>> complains about the 1st mis-match it finds.  Whatever the "something"
>>>>>>>> is is not clear as I got no complaint after deleting entry 8 (from the
>>>>>>>> lapdog2 days) and sshing in to lapdog0.  Puzzling.
>>>>>>>>
>>>>>>>
>>>>>>> It tracks hostname and IP combinations and warns you if the IP has another
>>>>>>> entry. Presuming both lapdog0 and lapdog1 are properly in known_hosts I'd
>>>>>>> think the warning would go away.
>>>>>>>
>>>>>>
>>>>>> no, it does not.  I did describe the circumstances though I tend to
>>>>>> use more words than many folks do.  As I said, since both lapdog0 and
>>>>>> lapdog1 are the same machine (with the same mac address) just booted into
>>>>>> different OSes they both get the same IP from DHCP.   That seems to land
>>>>>> two entries for the same IP in known_hosts and that seems to make ssh
>>>>>> complain.
>>>>>>
>>>>>>>
>>>>>>> Does ssh -v explain it?
>>>>>>>
>>>>>>
>>>>>> I did not think to try that and it is too late as I am re-installing
>>>>>> that machine to test out a couple of things.
>>>>>>
>>>>>> Thanks for the feedback guys!
>>>>>>
>>>>>>>
>>>>>>> ciao,
>>>>>>>
>>>>>>> der.hans
>>>>>>> --
>>>>>>>
>>>>>>
>>>>> Sorry this is so late.
>>>>>
>>>>> But you can do any of the following:
>>>>>
>>>>> a) Clone the connection for both machines:
>>>>>
>>>>
>>>> As I said in the first post, lapdog0 and lapdog1 are the same machine
>>>> just using different hostnames depending on which Linux is running.
>>>>  Therefore, they "both" have the same mac address by definition.
>>>>
>>>> I did think of copying the public and private parts of the key from one
>>>> to the other but don't know enough to know if that might cause another
>>>> problem.
>>>>
>>>> BTW, I re-installed (to be totally sure of the starting point) them
>>>> again with both being named lapdog2 and it made no difference.
>>>>
>>>>>
>>>>> 1) Use the same key for both machines.
>>>>>
>>>>> ssh-keygen  then copy that key to your second machine.
>>>>>
>>>>> 2) set your MAC address as the same number in your network device
>>>>> configuration.
>>>>>
>>>>>
>>>>> B) Disable Strict Error Checking
>>>>>
>>>>> Turn off strict error checking in  /etc/ssh/sshd_config on both
>>>>> machines.
>>>>>
>>>>
>>>> The error is showing as being due to strict error checking.  But I
>>>> would hesitate to turn it off other than temporarily not to mention that I
>>>> don't know how.  Finding out would be easy, it's just not a priority.
>>>>
>>>>>
>>>>> While this can be a ssh security risk and therefore not indicated on
>>>>> most networks for which you are maintaining this solution, but if you have
>>>>> buttoned down your network and actually read your logs, it should be safe,
>>>>> alternately you can also seru==dd
>>>>>
>>>>> http://en.wikipedia.org/wiki/Port_knocking
>>>>>
>>>>>>
>>>>>> --
>>>>>> Dazed_75 a.k.a. Larry
>>>>>>
>>>>>> Please protect my address like I protect yours. When sending messages
>>>>>> to multiple recipients, use the BCC: (Blind carbon copy). Remove addresses
>>>>>> from a forwarded message body before clicking Send.
>>>>>>
>>>>>>
>>>>>> ---------------------------------------------------
>>>>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>>
>>>>>
>>>>> (503) 754-4452 Android
>>>>> (623) 239-3392 Skype
>>>>> (623) 688-3392 Google Voice
>>>>> **
>>>>> it-clowns.com
>>>>> Chief Clown
>>>>>
>>>>
>>>
>
>
>
> --
> James McPhee
> jmcphe at gmail.com
>



-- 


(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
it-clowns.com
Chief Clown
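
Added example, not part of the original thread: a shell function that lists names or IPs in a known_hosts file recorded with more than one distinct key of the same type, with line numbers, which is the "two entries for the same IP" situation described in the quoted messages. It assumes an unhashed known_hosts file; the function names, the IP addresses and the placeholder key strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reports "name keytype lines N,M" for
# every host name or IP that appears with differing keys of the same type.

find_conflicts() {
    # $1: path to an unhashed known_hosts file
    awk '
        /^[ \t]*(#|$)/            { next }  # comments and blank lines
        $1 ~ /^@/                 { next }  # @cert-authority / @revoked markers
        substr($1, 1, 1) == "|"   { next }  # hashed names are not comparable as text
        {
            n = split($1, names, ",")       # field 1 is "host,ip,..."
            for (i = 1; i <= n; i++) {
                id = names[i] " " $2        # name or IP plus key type
                if (!(id in first)) {
                    first[id] = $3; where[id] = NR; order[++cnt] = id
                    continue
                }
                where[id] = where[id] "," NR
                if ($3 != first[id]) conflict[id] = 1
            }
        }
        END {
            for (j = 1; j <= cnt; j++)
                if (order[j] in conflict)
                    print order[j] " lines " where[order[j]]
        }
    ' "$1"
}

# Constructed sample: one machine dual-booting as lapdog0 and lapdog1 behind
# the same DHCP address. Key strings are placeholders, not real keys.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
lapdog0,192.168.1.50 ssh-rsa CONSTRUCTED-KEY-A
server1,192.168.1.10 ssh-rsa CONSTRUCTED-KEY-S
lapdog1,192.168.1.50 ssh-rsa CONSTRUCTED-KEY-B
EOF
}

sample=$(mktemp)
write_sample "$sample"
find_conflicts "$sample"
rm -f "$sample"
```

The reported line numbers count every line in the file, so they match the line numbers ssh prints in its own warning; a stale entry can then be dropped with `ssh-keygen -R` for that name or IP.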