[PATCH] ssh -Y: always accepts and stores the hostkey
Roberto A. Foglietta
roberto.foglietta at gmail.com
Thu May 8 15:37:52 WST 2008
2007/10/18 Patrik Lermon <patrik.lermon at marasystems.com>:
>
> On Thursday 18 October 2007 10:58:58 Hamish Moffatt wrote:
> > On Thu, Oct 18, 2007 at 10:33:40AM +0200, Roberto A. Foglietta wrote:
> > > 2007/10/18, Hamish Moffatt <hamish at cloud.net.au>:
> > > > Roberto A. Foglietta wrote:
> > > > > /.ssh # ssh -Y guest at 172.16.119.6 hostname
> > > > >
> > > > > Host '172.16.119.6' key accepted unconditionally.
> > > > > (fingerprint md5 c9:50:c6:b3:eb:f8:80:be:68:fe:a1:fd:51:fb:d8:15)
> > > > > eemd2364170
> > > >
> > > > Note that OpenSSH has a -Y switch with a different meaning, so this may
> > > > be confusing.
> > >
> > > Yes, you are right. May be a -yy could be better?
> > > New patch in attachment.
> >
> > That sounds reasonable to me. I wish OpenSSH had this functionality!
> >
> > cheers,
> > Hamish
>
> You can do this (if I understood the problem correctly):
>
> $ ssh -o CheckHostIP=no -o StrictHostKeyChecking=no <host>
>
> This will give you a warning if the hostkey doesn't match, but allow you to
> get in.
>
Yes you are right but this trick works one time and the next? The
first run an embedded system has to overwrite a key BUT the next time
have to fails if key change, for example. I think overwrite the key
once time when nedded is safer than disabling host check and key
forever. For this reason I am attaching the patch again, hoping you
will applay it.
Best regards,
--
/roberto
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dropbear_always_accept_and_store_hostkey.patch
Type: text/x-patch
Size: 3188 bytes
Desc: not available
Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20080508/9b3cf331/attachment.bin
More information about the Dropbear
mailing list