
Is there an option to turn off the annoying host key prompts?



No, there isn’t. And there won’t be. Even if you write it yourself and send us the patch, we won’t accept it. Those annoying host key prompts are the whole point of SSH. Without them, all the cryptographic technology SSH uses to secure your session is doing nothing more than making an attacker’s job slightly harder; instead of sitting between you and the server with a packet sniffer, the attacker must actually subvert a router and start modifying the packets going back and forth. But that’s not all that much harder than just sniffing; and without host key checking, it will go completely undetected by client or server. Host key checking is your guarantee that the encryption you put on your data at the client end is the same encryption taken off the data at the server end; it’s your guarantee that it hasn’t been removed and replaced somewhere on the way. Host key checking makes the attacker’s job astronomically hard, compared to packet sniffing, and even compared to subverting a router.
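Added example, not part of the original answer or of any SSH client's code: a minimal sketch of the check the answer describes, comparing the key a server presents against the one recorded earlier. It assumes OpenSSH-style plain `known_hosts` lines; the host name `files.example.org` and both keys are constructed sample values.

```python
import base64, hashlib, hmac, struct

def ed25519_blob(raw32: bytes) -> bytes:
    """SSH wire encoding of an Ed25519 public key: two length-prefixed strings."""
    name = b"ssh-ed25519"
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(raw32)) + raw32

def fingerprint(blob: bytes) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_known_hosts(text: str) -> dict:
    """Map (host, keytype) -> key blob for plain 'hosts keytype base64' lines."""
    known = {}
    for line in text.splitlines():
        parts = line.split()
        # Skip blanks, comments, and @cert-authority/@revoked marker lines.
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue
        hosts, keytype, b64 = parts[:3]
        for host in hosts.split(","):
            known[(host, keytype)] = base64.b64decode(b64)
    return known

def check_host_key(known: dict, host: str, keytype: str, presented: bytes) -> str:
    """'match': proceed. 'unknown': first contact, show the fingerprint and ask.
    'changed': the stored key differs, so refuse rather than connect silently."""
    stored = known.get((host, keytype))
    if stored is None:
        return "unknown"
    return "match" if hmac.compare_digest(stored, presented) else "changed"

# Constructed sample data: the key recorded on first contact, and a different
# key such as an in-path interceptor would have to present instead.
SERVER_KEY = ed25519_blob(bytes(range(32)))
OTHER_KEY = ed25519_blob(bytes(range(1, 33)))
KNOWN_HOSTS = ("# constructed sample file\n"
               "files.example.org ssh-ed25519 "
               + base64.b64encode(SERVER_KEY).decode() + "\n")

if __name__ == "__main__":
    known = parse_known_hosts(KNOWN_HOSTS)
    for host, key in [("files.example.org", SERVER_KEY),
                      ("files.example.org", OTHER_KEY),
                      ("new.example.org", SERVER_KEY)]:
        print(host, fingerprint(key), check_host_key(known, host, "ssh-ed25519", key))
```

The `unknown` branch is where the prompt the question complains about appears; the `changed` branch is the case that would pass unnoticed if the check were switched off.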
