02-Oct-2019 21:00 by 9 Comments

So, now I'm getting man-in-the-middle attack warnings when I try to use SSH via Windows PowerShell and OpenSSH for Windows.

Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.

If it comes back blank with return code of 1, then you don't have it. If it prints something and return code is 0, then it's already present.

    ---
    # ansible playbook that adds ssh fingerprints to known_hosts
    - hosts: all
      connection: local
      gather_facts: no
      tasks:
        # Assumed values: inventory_hostname, item and keyscan.stdout_lines
        # (the template expressions are missing from the page).
        - command: /usr/bin/ssh-keyscan -T 10 {{ inventory_hostname }}
          register: keyscan
        - lineinfile: name=~/.ssh/known_hosts create=yes line={{ item }}
          with_items: '{{ keyscan.stdout_lines }}'

This simply dumps the output of a keyscan, yes.

You certainly wouldn't do anything "automatically".

Wallace, yes, for that you need at least the fingerprint or even better the public key, in which case you can add it directly to known_hosts, turning this question moot. If you only have the fingerprint, you will have to write an extra step which verifies the downloaded public key with your

ssh-keygen -F will give you the current fingerprint.

I've tried a search for some of those phrases in the OpenSSH web CVS repo, but didn't find it via Google site: searching. You might look at your logs for weirdness involving ssh, sudo (to edit ssh_config).

On my primary partition (there is no special /home) I have only 3% usage. If I run ssh with -vvv I don't get any extra information between it asking if I want to connect and warning me that it is permanently added to known hosts (which we've determined is a lie).

When I log in from termserv to any other servers, ssh asks me to verify the host fingerprint. If I immediately log out and log back in, this happens again.

I tried blanking the known_hosts file, checked permissions and tried again. There is a notable amount of pause between the report that it added the fingerprint to known hosts and being asked for my key passphrase.

@Mnebuerquo: If you were worried about security then you wouldn't have anything at all to do with this question.

You'd have the correct host key in front of you, gathered from the console of the system you wanted to connect to, and you would manually verify it upon first connecting.
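The extra verification step the comments above call for, as an added Python example (not code from the thread): it keeps a scanned host key only when its SHA256 fingerprint equals one obtained out of band, for instance from the server console. The function names, `host.example` and the sample keys are constructed for illustration.

```python
import base64
import hashlib
import struct


def sha256_fingerprint(key_b64: str) -> str:
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    blob = base64.b64decode(key_b64, validate=True)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verified_lines(keyscan_output: str, trusted_fp: str) -> list:
    """Return the known_hosts lines whose key matches the trusted fingerprint."""
    accepted = []
    for line in keyscan_output.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):      # banner/comment lines
            continue
        fields = line.split()
        if len(fields) < 3:                       # malformed entry
            continue
        host, keytype, key_b64 = fields[:3]
        try:
            fp = sha256_fingerprint(key_b64)
        except ValueError:                        # not valid base64
            continue
        if fp == trusted_fp:                      # anything else is never written
            accepted.append(f"{host} {keytype} {key_b64}")
    return accepted


def make_blob(keytype: bytes, raw: bytes) -> str:
    """Build a constructed public-key blob in SSH wire format (length-prefixed)."""
    parts = b"".join(struct.pack(">I", len(p)) + p for p in (keytype, raw))
    return base64.b64encode(parts).decode()


# Constructed sample data: the genuine key and a key an interceptor would present.
GOOD = make_blob(b"ssh-ed25519", bytes(range(32)))
ROGUE = make_blob(b"ssh-ed25519", bytes(range(1, 33)))
TRUSTED_FP = sha256_fingerprint(GOOD)   # stands in for the value read at the console
SCAN_OK = f"# host.example:22 SSH-2.0-OpenSSH\nhost.example ssh-ed25519 {GOOD}\n"
SCAN_MITM = f"# host.example:22 SSH-2.0-OpenSSH\nhost.example ssh-ed25519 {ROGUE}\n"

if __name__ == "__main__":
    print("genuine scan ->", verified_lines(SCAN_OK, TRUSTED_FP))
    print("intercepted scan ->", verified_lines(SCAN_MITM, TRUSTED_FP))
```

Only the lines this returns would be appended to known_hosts; an empty result means the scan did not see the expected key and should be investigated rather than retried blindly.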

To get around this, the known_hosts file is imported using kh2(

