We just recently set up a password-less connection between two servers. We have security concerns related to the contents of the known_hosts file. Basically, the concern is that if someone were to gain access to our system and they were able to look in the known_hosts file, they would get the IP address information of the rest of the servers linked to this box.
I'm searching for a way to suppress the IP address from being entered into the known_hosts file.
There is a solution in this article below on by-passing the check to see if the foreign server is a known host:
The following statement will by-pass the known_hosts checking and will log you in to the foreign server without being prompted to enter that server information into the existing /ssh/known_hosts file. I'm including a quote from the article:
“you can skip the host key checking by sending the key to a null known_hosts file:
$ ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" user@host”
When you implement this, in addition to suppressing being prompted by the known_hosts checking procedure, does the IP address of the server you’re connecting to still get stored in the existing /ssh/known_hosts file or does it not get stored anywhere? (i.e. “UserKnownHostsFile=/dev/null”)
Is anyone familiar with this type of command? I'm trying to get confirmation that it prevents the IP address from getting stored. From what I know about /dev/null/, it does look like this is the case; however, I'm only 80% sure. Is there anyone out there that can confirm this? You don't really have to know SSH protocols; any Linux expert might know this.
When you redirect your UserKnownHostsFile to /dev/null as seen above, does it, in fact, prevent your IP address from being stored in the .ssh/known_hosts file? Thanks!
/var/log/wtmp – mashuptwice Mar 01 '22 at 19:12
history will give the information about the host also :) – Romeo Ninov Mar 01 '22 at 19:54
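
An added audit example, not from the post, its comments or the quoted article: it lists which host names and IP addresses a reader of a known_hosts file could recover, which is the exposure the question describes. The function names and sample entries are constructed; entries whose host field starts with `|1|` are OpenSSH's hashed form and carry no readable name.

```shell
#!/usr/bin/env bash
# Added example: audit what a known_hosts file reveals to anyone who can read it.

# write_sample_known_hosts FILE -- constructed sample data (keys are placeholders)
write_sample_known_hosts() {
  cat > "$1" <<'EOF'
# constructed sample, not real hosts or keys
192.0.2.10 ssh-ed25519 AAAAconstructedKEY1
db1.example.test,198.51.100.7 ssh-rsa AAAAconstructedKEY2
[203.0.113.5]:2222 ssh-ed25519 AAAAconstructedKEY3
|1|c2FsdHNhbHRzYWx0c2FsdHNhbHQ=|aGFzaGhhc2hoYXNoaGFzaGhhc2g= ssh-ed25519 AAAAconstructedKEY4
@cert-authority *.example.test ssh-ed25519 AAAAconstructedKEY5
EOF
}

# list_exposed_hosts FILE -- print each plaintext host or pattern once
list_exposed_hosts() {
  awk '
    /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
    {
      f = ($1 ~ /^@/) ? 2 : 1            # @cert-authority/@revoked marker precedes hosts
      n = split($f, hosts, ",")          # host field is a comma-separated list
      for (i = 1; i <= n; i++) {
        h = hosts[i]
        if (h ~ /^\|1\|/) continue       # hashed entry: name is not readable
        sub(/^\[/, "", h)                # "[host]:port" form -> host
        sub(/\]:[0-9]+$/, "", h)
        print h
      }
    }
  ' "$1" | LC_ALL=C sort -u
}

# count_hashed_entries FILE -- number of entries stored in hashed form
count_hashed_entries() {
  awk '!/^[ \t]*(#|$)/ { f = ($1 ~ /^@/) ? 2 : 1
                         if ($f ~ /^\|1\|/) c++ }
       END { print c + 0 }' "$1"
}

# Run against a file given on the command line, e.g. ~/.ssh/known_hosts
if [ "$#" -gt 0 ]; then
  list_exposed_hosts "$1"
  echo "hashed entries: $(count_hashed_entries "$1")"
fi
```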