<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 11/12/2013 07:47 AM, Miroslav Suchý
wrote:<br>
</div>
<blockquote class=" cite" id="mid_5282235F_6000203_redhat_com"
cite="mid:5282235F.6000203@redhat.com" type="cite"><br>
2) if you know that some machines change fingerprint and you
*trust it* you can do:
<br>
<br>
~/.ssh/config:
<br>
Host 192.168.1.1
<br>
UserKnownHostsFile /dev/null</blockquote>
<br>
It always bugged me that the choice was to either disable or
manually edit an obscure file, so I was happy to find that you can
delete stale entries from commandline:<br>
<br>
ssh-keygen -R hostname<br>
<br>
Admittedly, this is pretty obscure and I think it would be a better
idea if SSH directly allowed an override, perhaps like this:<br>
<br>
<pre><span class="body"><pre>@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is
23:00:21:33:d4:0f:95:f1:eb:34:b2:57:cf:3f:2c:e7.
If you think it's safe to override this check, you can connect
this time [o] or delete the current host key before connecting [O]:
</pre></span></pre>
<br>
</body>
</html>