[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: issues with stretch, part 1 of many

Good day, Ionel,

Am Dienstag, 27. November 2018 schrieb Ionel Mugurel Ciobîcă:
> The first question I want to ask relates to ssh, ssh-ask and
> ssh-agent. When I ssh to another computer I am asked "Allow use of key
> id_rsa? Key fingerprint ..." If I uninstall all ssh-ask programs I
> simply can't use the ssh-agent anymore and I am prompted for password.
> I try ssh-ask, ssh-ask-fullscreen, ssh-ask-gnome and the similar from
> kde. I check the /etc/ssh/ssh_config and /etc/ssh/sshd_config for
> anything that may relate to this. The only think coming close are:
> UsePAM yes
> ChallengeResponseAuthentication no
> Is there something I overlook?
> To be clear, I do not want to be asked if I allow the use of a key, I
> just want this to be assumed yes, as it was the case in the past.

This is just a guess.  Maybe you are looking for this option 
in /etc/ssh/ssh_config:

#   StrictHostKeyChecking ask

The default is to ask, see above, copied from the (unchanged) file on my 

man ssh_config(5):

         If this flag is set to yes, ssh(1) will never automatically add
         host keys to the ~/.ssh/known_hosts file, and refuses to connect
         to hosts whose host key has changed.  This provides maximum
         protection against trojan horse attacks, though it can be
         annoying when the /etc/ssh/ssh_known_hosts file is poorly
         maintained or when connections to new hosts are frequently made.
         This option forces the user to manually add all new hosts.  If
         this flag is set to no, ssh will automatically add new host keys
         to the user known hosts files.  If this flag is set to ask (the
         default), new host keys will be added to the user known host
         files only after the user has confirmed that is what they really
         want to do, and ssh will refuse to connect to hosts whose host
         key has changed.  The host keys of known hosts will be verified
         automatically in all cases.

If you configure ssh to ask, then, after you confirmed for one particular 
connection/key, this choice will be saved in ~/.ssh/known_hosts and you 
will not be asked again (until the key on the same server is changed).

Speculating again: when you installed your system, the file 
~/.ssh/known_hosts didn't contain the entries for the servers you usually 
connect to.  If that's the case, you can import/copy the ssh configuration 
from your old system to avoid being asked.

Hope this helps,

Reply to: