[Info-vax] SSH hostkeys auto-register, TCPIP Service 5.4

Steven Schweda sms.antinode at gmail.com
Wed Oct 21 12:32:27 EDT 2009


Pierre wrote:

> when I connect to some host using $ SSH <hostname> and that this host
> public key is not in TCPIP$SSH_DEVICE:[TCPIP$SSH2.HOSTKEYS], the SSH
> tool complains about it but it auto-registers the given public key in
> SYS$LOGIN:[SSH2.HOSTKEYS]
>
> doing so, subsequent login to that host will use it and won't even
> complain or signal it.
>
> how can I prevent this behavior and have, either SSH complain on each
> and every login if the public key is not present in the system
> HOSTKEYS dir or prevent the user to login if the host public key is
> not in the system HOSTKEYS dir ?

   According to:

http://h71000.www7.hp.com/doc/732final/aa-rvbua-te/00/00/21-con.html

   If the file is not found in either the systemwide or account-specific
[.HOSTKEYS] directory, the first time you attempt to connect from your
client to a remote SSH server, you are prompted to accept a copy of the
server's public host key.

   You can control this behavior using the StrictHostKeyChecking option
in the client configuration file.  [...]


