[BBLISA] Mac users ssh client and changing host keys
Bob Webber
webber at panix.com
Thu Jan 23 19:04:15 EST 2014
On Jan 23, 2014, at 12:18 PM, Alex Aminoff <alex at basespace.net> wrote:
>
> Hi folks.
>
> What is the typical way a Mac user uses ssh? Do they use the command-line ssh client that comes with the OS, or do they download some app analogous to putty on windows?
Generally people use the built-in ssh client, which uses the standard ~/.ssh/known_hosts mechanism to record known hosts.
"ssh-keygen -R" for each of a list of local hosts being renumbered would be a nice touch, if you can distribute a script to do the work to your users.
If you are distributing a script (including by showing it to people) you might want to also run “ssh-keyscan” on each of the Macs to generate a new known_hosts for each user. There are the obvious issues with automation there, but they might be no worse than the way keys are approved as correct by users on a manual basis.
Bob
>
> We plan to renumber all our IP space, which will cause saved ssh host keys to become invalid. Is there a well-known procedure or site with instructions advising mac users on how to deal with this situation? I have found one reference to ssh-keygen -R, and several that recommend just deleting .ssh/known_hosts. I'm asking on the list because I'd like to get a sense of what is common or best practice.
>
> Thanks,
> - Alex Aminoff
> NBER
>
>
>
>
> _______________________________________________
> bblisa mailing list
> bblisa at bblisa.org
> http://www.bblisa.org/mailman/listinfo/bblisa
>
More information about the bblisa
mailing list