Re: Subject: network-console installation and ssh keys
On 20150414_2134+0000, Liam O'Toole wrote:
> On 2015-04-14, David Wright <david@lionunicorn.co.uk> wrote:
> > I like the new Network Console option in the installer.
> > However, when I reinstall Debian onto a machine called, say, desk
> > select the necessary options, type in the password for the
> > installer session, and then sit back with a machine called, lap,
> > when I type ssh installer@desk I get the usual
> >
> > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> > Someone could be eavesdropping on you right now (man-in-the-middle
> > attack)!
> > It is also possible that a host key has just been changed.
> > The fingerprint for the RSA key sent by the remote host is
> >
> > because the installer has generated and is running with fresh keys.
> > (I frequently connect from lap to desk and vice versa and so
> > have authorised_keys as well as know_hosts there.)
> >
> > What do most people do here?
On this one, I think *most*people* are like me. I ignore the
warning. Unless I am doing the install in a coffee shop with 'free'
internet access that I have never used before. But at home, if I am
using an ISP that I have been using for several years, and that has a
good reputation in my part of the world, I know the warning does not
apply to me, in my particular situation.
HTH, YMMY, etc., etc.
> >
> > Cheers,
> > David.
>
> Put the following in ~/.ssh/config:
>
> Host desk
> UserKnownHostsFile /dev/null
> StrictHostKeyChecking no
>
> See the man page of ssh_config for details.
I think this will silence the warning forever, or at least until you
think to delete those lines from your ~/.ssh/config. I do not want to
do that, because I am too cautious to commit, long term, to such a
departure from what Debian gurus consider to be best practice. ;-)
YMMV,
Cheers,
--
Paul E Condon
pecondon@mesanetworks.net
Reply to: