Re: ssh /home/user/.ssh/config problem

[Colin Watson <cjwatson@debian.org>]

On Mon, Aug 25, 2003 at 05:54:54PM +0200, Neo wrote:
> user@local:/home/user/.ssh >grep -v '^#' < config
> Host *
>    BatchMode                        yes
> user@local:/home/user/.ssh >ls -al known_hosts
> ls: known_hosts: No such file or directory
> user@local:/home/user/.ssh >ssh remote
> Host key verification failed.                              <-------- ?
> user@local:/home/user/.ssh >vi config
> user@local:/home/user/.ssh >grep -v '^#' < config
> Host *
>    BatchMode                        no
> user@local:/home/user/.ssh >ssh remote
> The authenticity of host 'remote (192.168.1.1)' can't be established.
> RSA key fingerprint is fb:e4:98:70:40:1c:7f:86:b8:88:d5:a0:27:5d:70:eb.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added 'remote,192.168.1.1' (RSA) to the list of
> known hosts.
> Linux remote 2.4.18.686v5 #1 Sat Jul 12 23:26:32 CEST 2003 i686 unknown
> Last login: Mon Aug 25 16:49:21 2003 from local
> user@remote:/home/user >

That's deliberate, and is not a bug. If ssh is going to be required to
show you the host key prompt (which you're supposed to read and answer
properly, since a man-in-the-middle attack is always possible when that
prompt has been printed), but can't due to being in batch mode, it fails
safe and refuses.

Workaround: ssh to the host in question once and answer the question in
order to get its fingerprint into ~/.ssh/known_hosts, or pre-populate
known_hosts if you know how.

Cheers,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]