You defeat the purpose of automation
So, you are advocating for ignoring any security issue just to make your work easier, right?
That may be acceptable if you use ssh just to check that your machines are up and run some dummy commands, or if you are in a very controlled environment. But in general, telling ssh to ignore the known_hosts file is a very bad idea. Automation is not an excuse.
A simple upgrade to SSH on UNIX and all your automation is no longer automated until known_host entries are cleared
No SSH software that I know changes the server keys on upgrades. That only should happen the first time you install it.
Anyway, handling host keys properly may be a lot of work, right, that's life, security is not something you get for free and those uppercased warnings you get from SSH does really mean something:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle att +ack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is 15:a9:45:01:49:6c:64:10:3a:78:02:3d:52:39:2d:bf.
In reply to Re^5: making NET:SSH quiet
by salva
in thread making NET:SSH quiet
by Stoomy
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |