Handling ssh to generic hostnames
(This idea is not from me, it's from R Francis Smith. It is just sufficiently nifty and wrong that I'm going to write it up for posterity.)
Suppose that you have a generic hostname, a hostname that either is multiple machines (with multiple IP addresses) or a virtual host that gets pointed to different physical machines from time to time. Further suppose that inside your environment, your users ssh to that machine, or at least want to. The traditional problem with this is that for good reasons ssh's host key checking will start screaming about mismatching host keys the moment that you wind up talking to a different physical machine that has, of course, different host keys.
So, the ingenious evil solution for this problem is to have a Host stanza for the generic hostname in your /etc/ssh/ssh_config that turns off the various ssh host key verification options, so that ssh never even notices the mismatched host keys and thus never complains about them. Yes, this is kind of unpleasant, but it is better than the alternative (which is very close to not having useful generic hostnames), and you can make it less risky by turning off password-based authentication methods and other dangerous things.
This is a somewhat limited solution to the problem, since it only works within your systems. But that's probably the only place that you want it to work anyways.
(The simple evil solution to the problem is to give all of the physical hosts for the generic hostname the same host key. You probably don't want to do this.)
Sidebar: how to turn off ssh's host key checking
The options that you want are:

    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
With these set, ssh can do all of the host key checking it wants to but it's never going to get anywhere, and so never gets in the way.
(I will assume that the generic hostname is not in your global known hosts file, because there is no reason to put it there since it doesn't have a constant key.)
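As an added illustration (mine, not from the original post or from R Francis Smith), here is what the Host stanza described above could look like in /etc/ssh/ssh_config. The hostname generic.example.com is a placeholder, the two host key options are the ones from the sidebar, and the remaining lines are my assumption about what "turning off password-based authentication methods and other dangerous things" covers:

```sshconfig
# Added example stanza for /etc/ssh/ssh_config; generic.example.com is a placeholder
# for the generic hostname. Keep the pattern narrow so these settings apply to
# nothing else.
Host generic.example.com
    # The two options from the sidebar: never refuse a connection because the
    # key changed, and never record a key, so there is nothing to mismatch.
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
    # Hardening (my assumption about what the post means): with no host key
    # verification, whatever the client sends could be going to an impostor,
    # so only allow public-key authentication (no password or keyboard
    # interactive prompt to capture) and forward nothing into the session.
    PasswordAuthentication no
    KbdInteractiveAuthentication no
    PubkeyAuthentication yes
    ForwardAgent no
    ForwardX11 no
    # Optional: quiets the "Warning: Permanently added ... to the list of
    # known hosts" notice that ssh otherwise prints on every connection here.
    LogLevel ERROR
```

Two things worth keeping in mind when you use something like this. First, the Host pattern matches the name as the user typed it on the command line, so the stanza only helps people who actually connect to the generic name rather than to one of the physical hosts behind it. Second, disabling password and keyboard-interactive authentication stops a credential from being typed into a wrong machine, but it does not protect the contents of the session itself; that is the residual risk the post is accepting in exchange for usable generic hostnames, which is why you want it confined to your own systems.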