{"id":248,"date":"2011-10-25T16:49:58","date_gmt":"2011-10-25T21:49:58","guid":{"rendered":"http:\/\/www.soljerome.com\/blog\/?p=248"},"modified":"2012-03-15T08:38:32","modified_gmt":"2012-03-15T13:38:32","slug":"openssh-ignore-global-known-hosts","status":"publish","type":"post","link":"https:\/\/www.soljerome.com\/blog\/2011\/10\/25\/openssh-ignore-global-known-hosts\/","title":{"rendered":"OpenSSH ignore global known hosts"},"content":{"rendered":"<p>I use <a href=\"http:\/\/bcfg2.org\">Bcfg2<\/a> to create and synchronize the <code>\/etc\/ssh\/ssh_known_hosts<\/code> file across all the machines I manage. The result of this is that the known_hosts file actually contains useful information.<\/p>\n<p>The one case where this bites me is when I want to boot from a live CD and image the drive on the machine itself. Booting into the live CD and starting sshd creates new keys, which gives me this ugly message:<\/p>\n<pre>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\n@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     
@\r\n@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@\r\nIT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!\r\nSomeone could be eavesdropping on you right now (man-in-the-middle attack)!\r\nIt is also possible that the RSA host key has just been changed.\r\nThe fingerprint for the RSA key sent by the remote host is\r\n69:38:ba:80:93:b8:2a:29:ec:b3:65:e2:40:da:78:54.\r\nPlease contact your system administrator.\r\nAdd correct host key in \/root\/.ssh\/known_hosts to get rid of this message.\r\nOffending key in \/etc\/ssh\/ssh_known_hosts:153\r\nPassword authentication is disabled to avoid man-in-the-middle attacks.\r\nKeyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.\r\nPermission denied (publickey,keyboard-interactive).<\/pre>\n<p>I don&#8217;t want to go to the trouble of editing the global known_hosts file since it actually contains correct information (and someone may want to use that before bcfg2 runs again). Therefore, I just want to temporarily disable checking of the file. I found a cool little option for ssh to do just that. It&#8217;s called <strong>GlobalKnownHostsFile<\/strong> and we can set it to <code>\/dev\/null<\/code> to temporarily turn off the feature.<\/p>\n<pre>ssh -o GlobalKnownHostsFile=\/dev\/null<\/pre>\n<p>You will probably want to use this in conjunction with the <strong>UserKnownHostsFile<\/strong> option so that the client doesn&#8217;t save the temporary key to your <code>~\/.ssh\/known_hosts<\/code>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>I use Bcfg2 to create and synchronize the \/etc\/ssh\/ssh_known_hosts file across all the machines I manage. The result of this is that the known_hosts file actually contains useful information. The one case where this bites me is when I want to boot from a live CD and image the drive on the machine itself. 
Booting <a href='https:\/\/www.soljerome.com\/blog\/2011\/10\/25\/openssh-ignore-global-known-hosts\/' class='excerpt-more'>[&#8230;]<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[3,11],"tags":[],"_links":{"self":[{"href":"https:\/\/www.soljerome.com\/blog\/wp-json\/wp\/v2\/posts\/248"}],"collection":[{"href":"https:\/\/www.soljerome.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.soljerome.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.soljerome.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.soljerome.com\/blog\/wp-json\/wp\/v2\/comments?post=248"}],"version-history":[{"count":4,"href":"https:\/\/www.soljerome.com\/blog\/wp-json\/wp\/v2\/posts\/248\/revisions"}],"predecessor-version":[{"id":276,"href":"https:\/\/www.soljerome.com\/blog\/wp-json\/wp\/v2\/posts\/248\/revisions\/276"}],"wp:attachment":[{"href":"https:\/\/www.soljerome.com\/blog\/wp-json\/wp\/v2\/media?parent=248"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.soljerome.com\/blog\/wp-json\/wp\/v2\/categories?post=248"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.soljerome.com\/blog\/wp-json\/wp\/v2\/tags?post=248"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}