Pischti hat geschrieben:hab im man nix dzu finden können (oder war zu blind :-))
letzteres.
man ssh_config:
StrictHostKeyChecking
If this flag is set to ``yes'', ssh will never automatically add
host keys to the $HOME/.ssh/known_hosts file, and refuses to con-
nect to hosts whose host key has changed. This provides maximum
protection against trojan horse attacks, however, can be annoying
when the /etc/ssh/ssh_known_hosts file is poorly maintained, or
connections to new hosts are frequently made. This option forces
the user to manually add all new hosts. If this flag is set to
``no'', ssh will automatically add new host keys to the user
known hosts files. If this flag is set to ``ask'', new host keys
will be added to the user known host files only after the user
has confirmed that is what they really want to do, and ssh will
refuse to connect to hosts whose host key has changed. The host
keys of known hosts will be verified automatically in all cases.
The argument must be ``yes'', ``no'' or ``ask''. The default is
``ask''.
CheckHostIP
If this flag is set to ``yes'', ssh will additionally check the
host IP address in the known_hosts file. This allows ssh to
detect if a host key changed due to DNS spoofing. If the option
is set to ``no'', the check will not be executed. The default is
``yes''.
herrchen
)