[ale] SSH configuraiton

Jerry Z. Yu z.yu at voicecom.com
Mon Feb 10 13:29:05 EST 2003


	yeah, if like Chris said, the only impersistence is from the fs 
based on ram, he should be able to do customize an init script to save the 
known_hosts file off the ram-based fs upon shutdown, and copy it back to 
where it was upon boot.

 On Mon, 10 Feb 2003, James P. Kinney III wrote:

#Is it possible to populate that ram disk with a valid known_hosts file?
#That would really be a better way to work this than to turn off
#authentication.
#
#
#On Mon, 2003-02-10 at 12:26, cfowler wrote:
#> But my impersistence is du to the fact that ~/.ssh/known_hosts sits in
#> ram and not on disk.
#> 
#> 
#> On Mon, 2003-02-10 at 12:19, James P. Kinney III wrote:
#> > The persistence is due to the remote host IP address changing. Classic
#> > case: remote host using dynamic DNS listing gets new IP address from
#> > ISP. Next ssh connection grips about authenticity as the host key is
#> > good but it is keyed to the IP address.
#> > 
#> > On Mon, 2003-02-10 at 11:24, Jerry Z. Yu wrote:
#> > > 	if you really really don't care about host authenticity, you can 
#> > > set 'StrictHostKeyChecking' to 'no', so ssh can automatically add new 
#> > > host keys to the user known hosts files.
#> > > 	 $HOME/.ssh/known_hosts should be persistent. Not sure why/what 
#> > > you are referring to on its impersistence?
#> > > 
#> > > 
#> > > On Mon, 10 Feb 2003, Jason Day wrote:
#> > > 
#> > > #On Mon, Feb 10, 2003 at 10:53:48AM -0500, cfowler wrote:
#> > > #> I want to configure ssh_config so that the users do not get the
#> > > #> following message.  I do not care about authenticity of hosts.  I
#jst
#> > > #> want encryption.  The ~/.ssh/known_hosts file is not persistent
#across
#> > > #> reboots so this message could become a little bit of a pain
#> > > #
#> > > #I don't think it can be done without a code change, since that would
#> > > #defeat most of the point.  You might be able to work around it,
#though.
#> > > #You say that ~/.ssh/known_hosts is not persistent, but could you make
#a
#> > > #persistent known_hosts file?  If so, you could set the
#> > > #StrictHostKeyChecking options to "yes" and the UserKnownHostsFile
#option
#> > > #to a persistent known_hosts file, which you would have to maintain.
#If
#> > > #the server keys ever change, though, you will have to update the
#> > > #known_hosts file, or your users won't be able to connect.
#> > > #
#> > > #Jason
#> > > #-- 
#> > > #Jason Day                                       jasonday at
#> > > #http://jasonday.home.att.net                    worldnet dot att dot
#net
#> > > # 
#> > > #"Of course I'm paranoid, everyone is trying to kill me."
#> > > #    -- Weyoun-6, Star Trek: Deep Space 9
#> > > #_______________________________________________
#> > > #Ale mailing list
#> > > #Ale at ale.org
#> > > #http://www.ale.org/mailman/listinfo/ale
#> > > #
#> > > 
#> > > Jerry Z. Yu				+1-404-487-8544 (O)
#> > > systems engineer			z.yu at voicecom.com
#> > > is support, voicecom, llc		www.voicecom.com
#> > > 
#> > > _______________________________________________
#> > > Ale mailing list
#> > > Ale at ale.org
#> > > http://www.ale.org/mailman/listinfo/ale
#> > -- 
#> > James P. Kinney III          \Changing the mobile computing world/
#> > CEO & Director of Engineering \          one Linux user         /
#> > Local Net Solutions,LLC        \           at a time.          /
#> > 770-493-8244                    \.___________________________./
#> > http://www.localnetsolutions.com
#> > 
#> > GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
#<jkinney at localnetsolutions.com>
#> > Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 
#> 
#> 
#> _______________________________________________
#> Ale mailing list
#> Ale at ale.org
#> http://www.ale.org/mailman/listinfo/ale
#-- 
#James P. Kinney III          \Changing the mobile computing world/
#CEO & Director of Engineering \          one Linux user         /
#Local Net Solutions,LLC        \           at a time.          /
#770-493-8244                    \.___________________________./
#http://www.localnetsolutions.com
#
#GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
#<jkinney at localnetsolutions.com>
#Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7 
#

Jerry Z. Yu				+1-404-487-8544 (O)
systems engineer			z.yu at voicecom.com
is support, voicecom, llc		www.voicecom.com

_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale






More information about the Ale mailing list