Displaying 20 results from an estimated 5000 matches similar to: "Variable substitution in UserKnownHostsFile configuration option"
2015 Oct 09
2
Permanently added hostkeys (due to IP address pool), without confirmation
Hello,
maybe someone could please help and shed some light on a problem
that i don't understand, and that even in multiple ways.
The problem occurred three or four times over the past months
(maybe half a year?) and manifests as
++ Pushing to "gitlab" (at least "master" differs)!
Warning: Permanently added the RSA host key for IP address '104.46.105.89' to the
2020 Sep 05
2
Support for UserKnownHostsFile tokens?
Hi Damien/all,
Since github etc use a potentially large number of IP addresses (albeit with a small number of keys), I'd like more granular oversight over their entries in my known_hosts.
Eg, here is a simplified stanza from my current ssh config:
Host github gitlab
User git
Hostname %h.com
UserKnownHostsFile ~/.ssh/known_hosts.d/git
There doesn't seem to be a good way to filter only
2018 Jan 09
4
IdentityFingerprint feature request
The IdentityFile config (or -i argument) lets you insist on (or prioritize,
at least) a particular key file on disk. The key can be retrieved from
ssh-agent without decrypting the file on disk, but it must be found at the
specified path. I have a use case in which keys are added to ssh-agent on a
forwarded connection, but are not present on disk locally. There is
currently no way to refer to a key
2015 Oct 16
2
Is there any solution, or even work on, limiting which keys gets forwarded where?
On Thu, Oct 15, 2015 at 07:02:58PM -0400, Nico Kadel-Garcia wrote:
> On Thu, Oct 15, 2015 at 10:34 AM, hubert depesz lubaczewski
> <depesz at depesz.com> wrote:
> > Hi,
> >
> > I'm in a situation where I'm using multiple SSH keys, each to connect to
> > different set of servers.
> >
> > I can't load/unload keys on demand, as I usually am
2015 Aug 26
5
Disabling host key checking on LAN
If I want to specify for LAN addresses that I don't want to deal with host
keys, how do I do that? Understanding the risks, knowing almost everyone
will say not to do this - it's a horrible idea, but deciding I want to do
it anyway. Tired of having to remove entries from known_hosts with the
multiple VM's I have that often change fingerprints, and am willing to live
with the risks.
2024 Feb 17
1
How to remove old entries from known_hosts?
Brian Candler wrote:
> Chris Green wrote:
> > ... redundant ones are because I have a mixed population of
> > Raspberry Pis and such on my LAN and they get rebuilt fairly
> > frequently and thus, each time, get a new entry in known_hosts.
> ...many useful tips...
> To disable host key checking altogether for certain domains and/or networks,
> you can put this in
2016 Jan 13
6
[Bug 2525] New: Please add an alias such as -o Insecure for -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no
https://bugzilla.mindrot.org/show_bug.cgi?id=2525
Bug ID: 2525
Summary: Please add an alias such as -o Insecure for -o
UserKnownHostsFile=/dev/null -o
StrictHostKeyChecking=no
Product: Portable OpenSSH
Version: 6.7p1
Hardware: amd64
OS: Linux
Status: NEW
Severity:
2011 Apr 08
1
Host selection in ssh_config
Hello there,
I'm a little afraid of writing here, hope I don't make any mistake doing
so. I'm trying for days and searching the web too, but no obvious
solution, no reply from the specialized forum I wrote in.
Here is the situation:
I would like to have a lighter security inside our domain, without
changing when going outside. By "lighter security" I mean at least, no
2015 Nov 10
4
[Bug 2493] New: Accept host key fingerprint as the same as 'yes'
https://bugzilla.mindrot.org/show_bug.cgi?id=2493
Bug ID: 2493
Summary: Accept host key fingerprint as the same as 'yes'
Product: Portable OpenSSH
Version: 6.9p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee:
2020 Sep 30
3
Human readable .ssh/known_hosts?
On Tue, 29 Sep 2020 at 23:16, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
[...]
> I gave up on $HOME/.ssh/known_hosts a *long* time ago, because if
> servers are DHCP distributed without static IP addresses they can wind
> up overlapping IP addresses with mismatched hostkeys
You can set CheckHostIP=no in your config. As long as the names don't
change it'll do what you
2023 Aug 18
2
Host key verification (known_hosts) with ProxyJump/ProxyCommand
On 18.08.23 07:39, Darren Tucker wrote:
> On Fri, 18 Aug 2023 at 15:25, Stuart Longland VK4MSL <me at vk4msl.com> wrote:
> [...]
>> The crux of this is that we cannot assume the local IPv4 address is
>> unique, since it's not (and in many cases, not even static).
>
> If the IP address is not significant, you can tell ssh to not record
> them ("CheckHostIP
2024 Feb 14
1
How to remove old entries from known_hosts?
On 14/02/2024 11:42, Chris Green wrote:
> Is there any way to remove old entries from the known_hosts file? With
> the hashed 'names' one can't easily see which entries are which. I
> have around 150 lines in my known hosts but in reality I only ssh to a
> dozen or so systems. All the redundant ones are because I have a
> mixed population of Raspberry Pis and such on
2015 Aug 27
3
Disabling host key checking on LAN
Perfect, thanks. This winds up working for me (as far as I've tested so
far.)
Match exec "ping -q -c 1 -t 1 %n | grep '192\.168\.'"
StrictHostKeyChecking no
UserKnownHostsFile none
On Wed, Aug 26, 2015 at 11:47 PM, Bostjan Skufca <bostjan at a2o.si> wrote:
> (+cc list)
>
> You could use something in the following manner:
>
> Match originalhost *
2023 Aug 18
1
Host key verification (known_hosts) with ProxyJump/ProxyCommand
On 18/8/23 18:37, Jochen Bern wrote:
> On 18.08.23 07:39, Darren Tucker wrote:
>> On Fri, 18 Aug 2023 at 15:25, Stuart Longland VK4MSL <me at vk4msl.com>
>> wrote:
>> [...]
>>> The crux of this is that we cannot assume the local IPv4 address is
>>> unique, since it's not (and in many cases, not even static).
>>
>> If the IP address is
2020 Sep 20
13
Call for testing: OpenSSH 8.4
Hi,
OpenSSH 8.4p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at
2003 May 28
1
[Bug 579] Can't specify files with whitespace in the name in ssh_config
http://bugzilla.mindrot.org/show_bug.cgi?id=579
Summary: Can't specify files with whitespace in the name in
ssh_config
Product: Portable OpenSSH
Version: -current
Platform: PPC
OS/Version: Mac OS X
Status: NEW
Severity: minor
Priority: P2
Component: ssh
AssignedTo:
2017 Jan 28
3
known_hosts question for Ubuntu Server 14.04 and 16.04 LTS
Hello & thanks for reading.
I'm having a problem configuring known_hosts from scripts so an accept
key yes/no prompt doesn't appear.
I'm using this command to detect if the server is known and add it to
known_hosts:
if ! ssh-keygen -F ${IP_ADDR} -f ~/.ssh/known_hosts > /dev/null 2>&1; t
hen ssh-keyscan -p ${PORT} ${IP_ADDR} >> ~/.ssh/known_hosts; fi
This works
2017 Jul 05
9
[Bug 2738] New: UpdateHostKeys does not check keys in secondary known_hosts files
https://bugzilla.mindrot.org/show_bug.cgi?id=2738
Bug ID: 2738
Summary: UpdateHostKeys does not check keys in secondary
known_hosts files
Product: Portable OpenSSH
Version: 7.4p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: ssh
2020 Oct 19
6
[Bug 3221] New: hostkey preference ordering is broken in some situations
https://bugzilla.mindrot.org/show_bug.cgi?id=3221
Bug ID: 3221
Summary: hostkey preference ordering is broken in some
situations
Product: Portable OpenSSH
Version: 8.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
2015 Feb 22
3
PKI host based principal
Hello,
Maybe I did not understand correctly the PKI trust, so forgive me if I am wrong.
For example, I have multiple hosts that all serves as monitoring
server, I would like to trust only these hosts, so I enrol a
certificate for these using "monitoring" principal, so I can connect
only to these.
At first I thought we can do Match statement at ssh_config, however,
the Match is being