Situation

Two systems. One which adds the IP address automatically to the list of known hosts when doing ssh:

Warning: Permanently added '192.168.158.XXX' (ECDSA) to the list of known hosts.

One which doesn't:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
9c:79:39:54:44:20:bd:65:19:93:5b:00:bb:b7:9c:0c.
Please contact your system administrator.
Add correct host key in /home/jenkins/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /home/jenkins/.ssh/known_hosts:14
  remove with: ssh-keygen -f "/home/jenkins/.ssh/known_hosts" -R 192.168.158.XXX
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.

Problem

How do I set the second system to do it automatically? It's for internal tests; I know it would be dangerous otherwise.

Cher

1 Answer

The other would automatically add too, but it doesn't because it already has a matching entry with a different key. I usually turn off checking using StrictHostKeyChecking (and delete known_hosts if I get too annoyed; you may need to manually recreate it if, for some reason, a new known_hosts doesn't get created automatically):

ssh -o StrictHostKeyChecking=no host

You may need to set CheckHostIP too (-o CheckHostIP=no).

muru
  • I made many tries, like this one: bash -c 'timeout 300s ssh -o StrictHostKeyChecking=no -o CheckHostIP=no root@192.168.158.93 "mkdir -p NightTest"', but still the same error... – Cher Jun 17 '15 at 15:48
  • @CherrysaHerrim Delete your known_hosts and try again. – muru Jun 17 '15 at 15:49
  • I found lots of ways to delete a particular host, but is there a way to delete them all? – Cher Jun 17 '15 at 15:58
  • @CherrysaHerrim yes: delete the file. – muru Jun 17 '15 at 15:58
  • I deleted it and now every ssh command just does nothing (the command is waiting for the timeout) – Cher Jun 17 '15 at 16:05
  • @CherrysaHerrim I cannot reproduce that. I tested out the exact command you gave me, with hostnames changed, and it works fine for me. – muru Jun 17 '15 at 16:07
  • Once deleted, .ssh/known_hosts would not recreate itself. I copied another one and now it works fine! Thanks. However, is this normal behaviour? – Cher Jun 17 '15 at 16:12
  • @CherrysaHerrim It should recreate itself. – muru Jun 17 '15 at 16:13
  • I see! I marked your answer as the answer, but if you don't mind I'd add a note to keep a known_hosts copy in case it doesn't recreate (I was really lucky that I made one before). – Cher Jun 17 '15 at 16:19
  • @CherrysaHerrim if it doesn't recreate itself, that's a problem to be looked into as well. If not, just touch ~/.ssh/known_hosts. Edit in a note, I'll approve it. – muru Jun 17 '15 at 16:21
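
An added example, not part of the original answer or its comments: a shell helper for the lab case discussed above that removes only the stale key of a reinstalled test host (the ssh-keygen -R step named in the warning) and keeps test-host keys in their own file, so ~/.ssh/known_hosts is never deleted and a changed key on any other host is still refused. The function names, the known_hosts.lab path and the use of StrictHostKeyChecking=accept-new (OpenSSH 7.6 or later) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the original post. Assumed names: the lab
# known_hosts path and all function names below are hypothetical.
# StrictHostKeyChecking=accept-new needs OpenSSH 7.6 or later.
LAB_KNOWN_HOSTS="${LAB_KNOWN_HOSTS:-$HOME/.ssh/known_hosts.lab}"

# Create the file and its directory with owner-only permissions, so a
# missing file is simply recreated (the "touch" advice, plus modes).
ensure_known_hosts() {
    dir=$(dirname "$LAB_KNOWN_HOSTS")
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    [ -e "$LAB_KNOWN_HOSTS" ] || : > "$LAB_KNOWN_HOSTS" || return 1
    chmod 600 "$LAB_KNOWN_HOSTS"
}

# Remove only the stale keys of the named hosts; every other entry stays.
# Pass both the name and the IP if the host is recorded under both.
# ssh-keygen keeps the previous file as a ".old" copy next to it.
forget_host() {
    ensure_known_hosts || return 1
    for h in "$@"; do
        ssh-keygen -f "$LAB_KNOWN_HOSTS" -R "$h" >/dev/null 2>&1 || return 1
    done
}

# Print how many keys are recorded for a host (0 = none on file).
host_entries() {
    ssh-keygen -f "$LAB_KNOWN_HOSTS" -F "$1" 2>/dev/null |
        awk '!/^#/ { n++ } END { print n + 0 }'
}

# ssh for lab hosts: unknown hosts are recorded in the lab file without a
# prompt, while a changed key still aborts until forget_host is run.
lab_ssh() {
    ensure_known_hosts || return 1
    ssh -o UserKnownHostsFile="$LAB_KNOWN_HOSTS" \
        -o StrictHostKeyChecking=accept-new "$@"
}

# Typical use after a test machine has been reinstalled (HOST is a placeholder):
#   forget_host HOST && lab_ssh root@HOST 'mkdir -p NightTest'
```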