Only do connection if I already know the destination?

[Hans Harder]

So you want to break off the connection if it isn't in the .ssh/known_host file.
Currently there is no way to do that, but with a little adaption it is possible

attached a small patch to look for an env var SSH_ASKHOSTKEY
if it is set to "y" or "n"  it will use that as answer instead of
asking that on the tty.

There are multiple ways of doing this...this is just one.

Hans

On Fri, Feb 10, 2023 at 12:24 PM Walter Harms <wharms at bfs.de> wrote:
>
> would it be possible to add an option to add an non-interactive mode ?
> Getting yes/no questions (or else) in a script is clearly not helpful.
>
> re,
>  wh
>
>
> ________________________________________
> Von: Dropbear <dropbear-bounces at ucc.asn.au> im Auftrag von Matt Johnston <matt at ucc.asn.au>
> Gesendet: Montag, 21. November 2022 16:20:25
> An: M Rubon
> Cc: dropbear at ucc.asn.au
> Betreff: Re: Only do connection if I already know the destination?
>
> On 2022-11-21 11:05 pm, M Rubon wrote:
> > I have an automated remote script that connects to a set of known
> > servers.  I never want be prompted to add a new host key if the server
> > is missing from .ssh/known_hosts.   If the key is missing, the client
> > should just immediately exit.
> >
> > Dropbear seems to give me the option of relaxing the host key checks
> > (-y -y).  Is there an option to make them more strict?
>
> I don't think there's any way to do that at the moment.
>
> Cheers,
> Matt
>
> >
> > M
> >
> > p.s. OpenSSH client option "StrictHostKeyChecking yes" is basically
> > what I am looking for.
-------------- next part --------------
210d209
< 	char *askhostkey = NULL;
221,228d219
< 
< 	askhostkey = getenv("SSH_ASKHOSTKEY");
< 	if (askhostkey && strchr("yn",*askhostkey)!=NULL) {
< 		m_free(fp);
< 		if (*askhostkey == 'y') {
< 			return;
< 		}
< 	} else {
246d237
< 		}