[PATCH] ssh -Y: always accepts and stores the hostkey

Roberto A. Foglietta roberto.foglietta at gmail.com
Thu May 8 15:37:52 WST 2008


2007/10/18 Patrik Lermon <patrik.lermon at marasystems.com>:
>
> On Thursday 18 October 2007 10:58:58 Hamish Moffatt wrote:
>  > On Thu, Oct 18, 2007 at 10:33:40AM +0200, Roberto A. Foglietta wrote:
>  > > 2007/10/18, Hamish Moffatt <hamish at cloud.net.au>:
>  > > > Roberto A. Foglietta wrote:
>  > > > > /.ssh # ssh -Y guest@172.16.119.6 hostname
>  > > > >
>  > > > > Host '172.16.119.6' key accepted unconditionally.
>  > > > > (fingerprint md5 c9:50:c6:b3:eb:f8:80:be:68:fe:a1:fd:51:fb:d8:15)
>  > > > > eemd2364170
>  > > >
>  > > > Note that OpenSSH has a -Y switch with a different meaning, so this may
>  > > > be confusing.
>  > >
>  > >  Yes, you are right. Maybe a -yy could be better?
>  > >  New patch in attachment.
>  >
>  > That sounds reasonable to me. I wish OpenSSH had this functionality!
>  >
>  > cheers,
>  > Hamish
>
>  You can do this (if I understood the problem correctly):
>
>  $ ssh -o CheckHostIP=no -o StrictHostKeyChecking=no <host>
>
>  This will give you a warning if the hostkey doesn't match, but allow you to
>  get in.
>

 Yes, you are right, but this trick works one time, and the next? On the
first run an embedded system has to overwrite a key, BUT the next time it
has to fail if the key changes, for example. I think overwriting the key
once when needed is safer than disabling host check and key
forever. For this reason I am attaching the patch again, hoping you
will apply it.

 Best regards,
-- 
/roberto
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dropbear_always_accept_and_store_hostkey.patch
Type: text/x-patch
Size: 3188 bytes
Desc: not available
Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20080508/9b3cf331/attachment.bin 
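
The contrast argued in the message above, between accepting and storing a host key once and disabling the check on every run, modelled as an added example (not part of the thread, and not Dropbear's or the attached patch's code). The policy names, the `connect` and `load` helpers and the key blobs are constructed for illustration; the "no-check" branch follows the behaviour as described in the thread.

```python
import base64, hashlib, os, tempfile

def md5_fingerprint(key_b64):
    """Colon-separated MD5 of the key blob, the format printed in the thread."""
    digest = hashlib.md5(base64.b64decode(key_b64)).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))

def load(path):
    """Parse 'host keytype base64key' lines into {host: (keytype, key)}."""
    if not os.path.exists(path):
        return {}
    with open(path) as fh:
        rows = [l.split() for l in fh if not l.startswith("#")]
    return {r[0]: (r[1], r[2]) for r in rows if len(r) >= 3}

def connect(path, host, ktype, key, policy="strict"):
    """Return (allowed, note). Policy names are this example's own:
    strict       - an unknown or changed key is refused
    no-check     - a mismatch only warns and the session goes ahead
    accept-store - accept the offered key and overwrite the stored one
    """
    known = load(path)
    stored = known.get(host)
    if stored == (ktype, key):
        return True, "key matches stored entry"
    if policy == "accept-store":
        known[host] = (ktype, key)
        with open(path, "w") as fh:
            for h, (t, k) in known.items():
                fh.write(f"{h} {t} {k}\n")
        return True, "stored " + md5_fingerprint(key)
    if policy == "no-check":
        return True, "WARNING: key not verified, connecting anyway"
    return False, ("changed" if stored else "unknown") + " host key refused"

def demo():
    # Constructed key blobs, not real host keys; the address is the thread's.
    key_a, key_b = (base64.b64encode(b).decode()
                    for b in (b"constructed-key-A", b"constructed-key-B"))
    host = "172.16.119.6"
    with tempfile.TemporaryDirectory() as d:
        kh = os.path.join(d, "known_hosts")
        return [
            connect(kh, host, "ssh-rsa", key_a, "accept-store")[0],  # provisioning run
            connect(kh, host, "ssh-rsa", key_a)[0],              # later, same key
            connect(kh, host, "ssh-rsa", key_b)[0],              # later, key changed
            connect(kh, host, "ssh-rsa", key_b, "no-check")[0],  # check disabled
        ]
```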

