StrictHostKeyChecking not working
by salilsurendran from LinuxQuestions.org on (#537SA)
I am trying to ssh to a host via a bastion. I have set StrictHostKeyChecking=no for both ssh and the ProxyCommand:
Code:
ssh -i ~/mykey.pem-prod hadoop@final.destination.ec2.internal -o "UserKnownHostsFile=/dev/null" -o StrictHostKeyChecking=no -o ProxyCommand="ssh -o StrictHostKeyChecking=no -W %h:%p -i ~/mykey.pem-prod ec2-user@mybastion.us-east-1.amazonaws.com"
Sometimes it works but sometimes I get this message:
Code:@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:
Please contact your system administrator.
Add correct host key in /Users/myname/.ssh/known_hosts to get rid of this message.
Offending ECDSA key in /Users/myname/.ssh/known_hosts:7
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
Error: forwarding disabled due to host key check failure
ssh_exchange_identification: Connection closed by remote host
I was thinking that StrictHostKeyChecking=no should prevent this problem.
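Added example, not part of the original post: the warning above is produced when the key a server presents differs from the entry recorded for that host name in a known_hosts file (line 7 in the output). The Python sketch below reproduces that lookup over a constructed known_hosts text, including hashed host entries, and reports the line number and SHA256 fingerprint; the key blobs, the salt and the filler hosts are constructed sample values, and only literal host names are matched (no wildcards or [host]:port forms).

```python
import base64, hashlib, hmac

def fingerprint(b64_blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def host_matches(field, host):
    """Match a known_hosts host field: plain comma list, or hashed |1|salt|hmac-sha1."""
    if field.startswith("|1|"):
        _, _, salt, mac = field.split("|")
        want = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac))
    return host in field.split(",")

def check_host_key(known_hosts_text, host, keytype, presented_blob):
    """Return (status, line_no, recorded_fp); status is 'match', 'changed' or 'unknown'."""
    changed = None
    for line_no, line in enumerate(known_hosts_text.splitlines(), 1):
        parts = line.split()
        # Skip blanks, comments and @cert-authority/@revoked marker lines.
        if len(parts) < 3 or line.startswith(("#", "@")):
            continue
        hosts, ktype, blob = parts[:3]
        if ktype != keytype or not host_matches(hosts, host):
            continue
        if blob == presented_blob:
            return ("match", line_no, fingerprint(blob))
        if changed is None:
            changed = ("changed", line_no, fingerprint(blob))
    return changed or ("unknown", None, None)

# --- constructed sample data (not real keys) ---
BASTION = "mybastion.us-east-1.amazonaws.com"   # host name taken from the post
KEYTYPE = "ecdsa-sha2-nistp256"
OLD = base64.b64encode(b"constructed old bastion key").decode()
NEW = base64.b64encode(b"constructed new bastion key").decode()

def hashed(host, salt=b"constructed-salt"):
    """Build a hashed host field the way HashKnownHosts stores names."""
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

SAMPLE = "\n".join(
    ["# constructed known_hosts"]
    + ["host%d.example ssh-ed25519 %s" % (i, OLD) for i in range(5)]
    + ["%s %s %s" % (hashed(BASTION), KEYTYPE, OLD)])   # stale entry lands on line 7

if __name__ == "__main__":
    print(check_host_key(SAMPLE, BASTION, KEYTYPE, NEW))  # stale entry: 'changed'
    print(check_host_key("", BASTION, KEYTYPE, NEW))      # empty file, like /dev/null
```

In the posted command only the outer ssh sets UserKnownHostsFile=/dev/null; the ssh inside ProxyCommand does not, and the warning names /Users/myname/.ssh/known_hosts as the file holding the offending entry.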