Wednesday, May 4, 2011

StrictHostKeyChecking in ssh

The StrictHostKeyChecking option in ssh

This can be configured in /etc/ssh/ssh_config, or it can be given on the command line by specifying:
ssh -o StrictHostKeyChecking=no 123.33.44.45

no option: when StrictHostKeyChecking is set to no:
1) When the host key for the connecting server is not in the $HOME/.ssh/known_hosts file, it is added to the file after asking for confirmation from the server.
2) When there is a host key mismatch, it simply connects after showing a warning.
3) Not advisable, as security is very low.

ask option (the default):
1) In this case also, when the host key for the connecting server is not in the $HOME/.ssh/known_hosts file, it is added to the file after asking for confirmation from the server.
2) But when there is a host key mismatch, it denies the connection and shows where the mismatch occurred.

on option:
1) It is the strictest and least friendly mode.
2) In this case, when the host key for the connecting server is not in the $HOME/.ssh/known_hosts file, it simply denies the connection.
3) When there is a host key mismatch, it denies the connection.
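
Because the no setting lets a connection proceed despite a host key mismatch, it is worth checking where it has been switched on. The script below is an added example, not part of the original post: it scans ssh_config-style files and shell scripts for lines that set StrictHostKeyChecking to no (or off, the synonym listed in ssh_config(5)). The function name and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example; the sample files are constructed for the demonstration.

# Print "file:line:text" for each non-comment line that sets
# StrictHostKeyChecking to no (or its synonym off), in ssh_config
# syntax ("Keyword value" / "Keyword=value") or as an ssh -o option.
find_weak_hostkey_checking() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v file="$f" '
            { low = tolower($0) }
            low ~ /^[ \t]*#/ { next }     # whole-line comment
            low ~ /stricthostkeychecking[ \t]*[= \t][ \t]*"?(no|off)"?([ \t"]|$)/ {
                line = $0
                sub(/^[ \t]+/, "", line)
                printf "%s:%d:%s\n", file, NR, line
            }
        ' "$f"
    done
}

# Constructed sample input: a client config and a deployment script.
demo_dir=$(mktemp -d)
cat > "$demo_dir/ssh_config" <<'EOF'
# StrictHostKeyChecking no   (commented out, ignored)
Host *
    StrictHostKeyChecking ask
Host build-*
    stricthostkeychecking = no
EOF
cat > "$demo_dir/deploy.sh" <<'EOF'
#!/bin/sh
ssh -o StrictHostKeyChecking=no 123.33.44.45 uptime
EOF

# Reports line 5 of the config and line 2 of the script.
find_weak_hostkey_checking "$demo_dir/ssh_config" "$demo_dir/deploy.sh"
rm -rf "$demo_dir"
```

Run it over /etc/ssh/ssh_config, $HOME/.ssh/config and any automation scripts; an empty result means no line disables the check.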
