Thursday, April 14, 2005

Selectively (per-host) ignoring host keys for ssh

Out of the box, the OpenSSH client records the keys of any hosts that it communicates with and, on subsequent connection attempts, checks that they have not changed. If you have (as I do) a development environment in which a test device with a fixed name and IP address is frequently being rebuilt from scratch and is being permitted to regenerate its own ssh host keys (the self-build procedure is part of what is being checked), then you are forever faced with ssh bitching about a changed host key. It is not immediately obvious to me how best to cope with this, but adding the following to my ~/.ssh/config solved my problem:

    Host linz
        StrictHostKeyChecking no
        UserKnownHostsFile /dev/null

Note that this only applies to a specific host, not to all (!). Setting StrictHostKeyChecking to "no" means that, upon encountering a new key, it will just accept and record it without asking. Setting UserKnownHostsFile to "/dev/null" means that it will never find a different existing key about which to complain and that it will never successfully store such a key in the first place.
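
Since these two options switch off the changed-key check for whatever hosts they cover, it is worth confirming that they stay scoped to the one throwaway host. The shell function below is an added example, not part of the original post: it scans ssh_config text and lists every block that sets them, marking wildcard or top-of-file placement. The function names, the sample config and the host pattern build-*.example.test are constructed for illustration.

```shell
#!/bin/sh
# Reads ssh_config text from the named files (or stdin) and prints one
# tab-separated line per offending block: scope, host patterns, findings.
audit_hostkey_bypass() {
    awk '
    function flush() {
        if (found != "") print scope "\t" pats "\t" found
        found = ""
    }
    function note(s) { found = (found == "" ? s : found "," s) }
    # Options placed before the first Host line apply to every host.
    BEGIN { pats = "(top of file)"; scope = "wildcard" }
    /^[ \t]*(#|$)/ { next }                 # comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        # ssh_config accepts both "Keyword value" and "Keyword=value".
        if (line ~ /^[A-Za-z]+[ \t]*=/) sub(/[ \t]*=[ \t]*/, " ", line)
        key = line; sub(/[ \t].*$/, "", key); key = tolower(key)
        val = line; sub(/^[^ \t]+[ \t]*/, "", val); gsub(/"/, "", val)
        if (key == "host" || key == "match") {
            flush()
            pats = val
            if (key == "match") scope = "match"
            else scope = (val ~ /[*?]/) ? "wildcard" : "per-host"
        } else if (key == "stricthostkeychecking") {
            if (tolower(val) == "no" || tolower(val) == "off")
                note("StrictHostKeyChecking=" val)
        } else if (key == "userknownhostsfile" && val == "/dev/null") {
            note("UserKnownHostsFile=/dev/null")
        }
    }
    END { flush() }
    ' "$@"
}

# Constructed sample config; host names other than linz are placeholders.
sample_config() {
    cat <<'EOF'
Host linz
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
Host build-*.example.test
    StrictHostKeyChecking=off
EOF
}

sample_config | audit_hostkey_bypass
```

To check a real configuration, pass the file as an argument, for example audit_hostkey_bypass ~/.ssh/config; any line reported with a scope other than per-host deserves a second look.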