Hack to Prevent SSH Host Key Lookups for Your Local Subdomain

Posted by Scott on Mar 28th, 2008

Secure shell (ssh) uses cryptographic keys to uniquely identify (fingerprint) the hosts that you connect to. Once you connect to a new host, the fingerprint string is added to a file called known_hosts in your ~/.ssh directory. Then, every time you reconnect to that host, the fingerprint is checked to ensure it hasn’t changed.

This is an important security feature, because if the saved fingerprint doesn’t match, it could be because someone is maliciously spoofing the server you’re trying to connect to as part of a man-in-the-middle (MITM) type attack. However, in this modern age, some of us have local networks with numerous devices/laptops which change their IP address regularly due to DHCP. When this happens and you ssh to a device now using the same IP that a previous device used (and for which you have the host fingerprint saved), you get a nastygram from ssh and it refuses to allow you to connect to the device. Then you must clear the fingerprint from your ~/.ssh/known_hosts file and reconnect. This gets old really quickly.

So I spent some time today reviewing ssh configuration options to disable this host key checking for my home network subnet. Upon first glance, the StrictHostKeyChecking option seems like the one you’d want to change, but in fact setting it to “no” still does not allow you to ssh to a host when the saved fingerprint doesn’t match up.

In resignation, I instead hacked up a different solution, and now tell ssh to use /dev/null instead of ~/.ssh/known_hosts as the place to save host keys for my local subnet. If anyone knows a better solution to this, please enlighten me. Here is my final ~/.ssh/config file:

Host 192.168.1.*
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null

Note that for hosts outside of my home subnet, the host key checking is still enforced (as it should be).
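
An added example, not from the original post: a small Python audit that reads an ssh_config, reports every Host block that switches off host key verification the way the block above does, and labels whether its patterns stay inside private IPv4 space, which is what the note about hosts outside the subnet depends on. The sample config, the `laptop` entry and all function names are constructed for illustration; Match blocks are not evaluated.

```python
import re

# Constructed sample: the post's block, a hypothetical per-device entry, and a catch-all.
SAMPLE_CONFIG = """\
Host 192.168.1.*
    StrictHostKeyChecking no
    UserKnownHostsFile /dev/null
Host laptop
    HostKeyAlias laptop
Host *
    StrictHostKeyChecking=off
"""
PRIVATE_PREFIX = re.compile(r"(10|192\.168|172\.(1[6-9]|2\d|3[01]))\.")  # RFC 1918 heuristic

def parse_host_blocks(text):
    """Return [(patterns, options)]; within a block the first value of an option wins."""
    opts = {}
    blocks = [(["*"], opts)]  # options before the first Host line apply to every host
    for line in map(str.strip, text.splitlines()):
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if line.startswith("#") or len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            opts = {}
            blocks.append((value.split(), opts))
        elif key == "match":
            opts = None  # Match blocks are outside the scope of this example
        elif opts is not None:
            opts.setdefault(key, value)
    return blocks

def audit(text):
    """Return [(patterns, reasons, scope)] for blocks that weaken host key checking."""
    findings = []
    for patterns, opts in parse_host_blocks(text):
        reasons = []
        if opts.get("stricthostkeychecking", "").lower() in ("no", "off"):
            reasons.append("new host keys are accepted without prompting")
        if opts.get("userknownhostsfile", "").split() == ["/dev/null"]:
            reasons.append("host keys are never stored, so a changed key goes unnoticed")
        # A negated pattern only narrows a block, so judge it by the text after "!".
        private = all(PRIVATE_PREFIX.match(p.lstrip("!")) for p in patterns)
        if reasons:
            findings.append((patterns, reasons, "private-ipv4" if private else "wide"))
    return findings

if __name__ == "__main__":
    for patterns, reasons, scope in audit(SAMPLE_CONFIG):
        print(f"Host {' '.join(patterns)} [{scope}]: {'; '.join(reasons)}")
```

A finding labelled "wide" means the relaxed settings reach hosts beyond the local subnet; the scope check is a prefix heuristic on the pattern text, not a full evaluation of ssh pattern matching.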

I’m Riding in the 2008 Tour de Cure

Posted by Scott on Mar 28th, 2008

The Tour de Cure is a fundraising event for the American Diabetes Association. This year I will be riding my bike 75 miles to support the efforts to prevent and cure diabetes, as well as improve the quality of life for those impacted by this increasingly common disease. I would greatly appreciate sponsorship donations of any amount. Please visit my Tour de Cure web page for more info and how to sponsor my ride. Thank you!

Blue Job Hike

Posted by Scott on Mar 23rd, 2008

An Easter Sunday hike up Blue Job mountain. I needed my ski poles for stability, not so much going up, but on the way down. Saw a pair of wild turkeys while I was heading down but wasn’t quick enough to take a shot with the camera.

Blue Job 2008-03-23      Blue Job 2008-03-23

Looking Forward to NetBeans 6.1

Posted by Scott on Mar 4th, 2008

NetBeans 6.0 has been a boon to my coding productivity, but as I’ve been using it more, I’ve also encountered some of its problems. The most annoying of these are bugs in the HTML/RHTML indentation engine. See issue 109262 and issue 120491 to see what I mean. The most maddening thing to me is that there is a facility to disable the indentation engine in the advanced options, but it doesn’t work. So I have been wasting a considerable amount of time fighting with the inconsistent formatting “style” NetBeans has been trying to enforce.

I’m hoping that the 6.1 milestones will be stable enough to use – where some of these bugs have reportedly been fixed – and am planning to try them out starting on Wednesday, when 6.1M2 will be available.

Winter’s Not Over Yet

Posted by Scott on Mar 1st, 2008

New Hampshire has been battered again with yet another winter storm. The snowbanks are getting to be 8 feet high in many spots, which makes turning onto busy roads while driving more challenging than usual. However, this has been one heck of a winter for snowshoeing, and I’m fortunate enough to have been enjoying it fairly regularly. Here are a couple of photos I took today while I was out in the woods.

Snowy Woods, March 2008            Snowy River, March 2008
