
Depends on your circumstances, really. If you're in an environment with lots of VMs floating around, being created, destroyed, and so on, dealing with SSH's paranoia (why can't I just dismiss a warning about a host/key mismatch instead of having to edit .known_hosts?) quickly becomes an exercise in frustration for dubious security benefit. (If the enemy is on your LAN and able to manipulate your DNS, you've already lost.)

On your home box, sure. But let's not pretend there's not a reason for the option to exist.



I use an alias to select when to, and not to, use host keys:

  alias ssht='ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no'

  ssht floaty.vm # does not use host key checking

  ssh my.bastion.host # validates host key

Really I ought to get SSHFP records populated when my VMs are created...


In these environments you can use server certificates:

https://www.digitalocean.com/community/tutorials/how-to-crea...
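
Added example, not part of the thread: one way to set up the server (host) certificates suggested above with stock OpenSSH, so that freshly created VMs are verified without per-host known_hosts entries or disabled checking. The directory argument, file names, the 52-week validity and the `*.vm` host pattern are assumptions.

```shell
#!/bin/sh
# Added example: OpenSSH host certificates for short-lived VMs.
# File names and the directory layout are assumptions for illustration.

# Create the host CA key pair. Done once; the private half stays off the VMs.
# $1 = directory to write host_ca / host_ca.pub into
make_host_ca() {
    ssh-keygen -q -t ed25519 -N '' -C 'host-ca (example)' -f "$1/host_ca"
}

# Run at VM creation: generate the VM's host key and sign it with the CA.
# $1 = directory holding host_ca, $2 = hostname the certificate is valid for
sign_vm_host_key() {
    ssh-keygen -q -t ed25519 -N '' -f "$1/ssh_host_ed25519_key" &&
    ssh-keygen -q -s "$1/host_ca" -h -I "$2" -n "$2" -V +52w \
        "$1/ssh_host_ed25519_key.pub"
    # Produces $1/ssh_host_ed25519_key-cert.pub. On the VM, sshd_config
    # points at the installed copy with:
    #   HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
}

# Client side: a single known_hosts line trusts any host certificate the CA
# signed for names matching the pattern, so a new VM causes no prompt and a
# host presenting an unsigned key is still rejected.
# $1 = directory holding host_ca.pub, $2 = host pattern
known_hosts_line() {
    printf '@cert-authority %s %s\n' "$2" "$(cat "$1/host_ca.pub")"
}

# Print the certificate's type, key ID, principals and validity window.
# $1 = directory holding the signed certificate
cert_summary() {
    ssh-keygen -L -f "$1/ssh_host_ed25519_key-cert.pub"
}
```

Append the output of `known_hosts_line` to `~/.ssh/known_hosts` (or the system-wide `ssh_known_hosts`) on each client; StrictHostKeyChecking can then stay enabled for the VM hosts too.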


In which case, just use telnet. Seriously.



