system("ssh test.host.com");

It's asking whether to permanently add the key or not.

I want it to say yes automatically!

+2  A: 

Run the SSH Agent before you start your application and use it to add a key (option in the menu on Windows or use ssh-add from the command line on Unix).

Aaron Digulla
I understand neither what this answer has to do with the question asked nor why it became the accepted answer for it. The question is about adding the host's public key to the local known_hosts file. The ssh-add command is used for public key authentication of the client against the server, not for verification of the server's host key.
Jonas
+3  A: 

Someone has to agree that the first key is valid. You could require users to add the pertinent information to ~/.ssh/known_hosts manually (or do it yourself).

Nathon
A: 

As Nathon mentioned, the right way to fix this is to get the host's key in your list of known keys. The simple way is to ssh to the host once manually and answer yes, and then the key will be cached in $HOME/.ssh/known_hosts. This has to be done for each host you will connect to and for each user that will run the program. If you have admin rights on the system you're running ssh from, you can also add the host keys to /etc/ssh/ssh_known_hosts to make them available to all users.

If you don't know what host the script will connect to, you might need to look into a module like Expect to watch for and respond to the host key prompt, although automating this step subverts some of the security ssh provides.

Ven'Tatsu
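Pre-loading known_hosts without the interactive prompt, as an added example that is not part of any answer on this page: a key in ssh-keyscan output format is appended only when its SHA256 fingerprint matches one obtained out of band, and ssh is then run with strict checking. The function names, the sample key blob and the way the expected fingerprint is obtained are assumptions made for illustration.

```python
import base64, hashlib, os, struct

# Constructed sample: an ed25519-shaped key blob, NOT a real host key.
SAMPLE_BLOB = (struct.pack(">I", 11) + b"ssh-ed25519" +
               struct.pack(">I", 32) + bytes(range(32)))
# Constructed line in `ssh-keyscan` output format: "host keytype base64key".
SAMPLE_SCAN = "test.host.com ssh-ed25519 " + base64.b64encode(SAMPLE_BLOB).decode()

def fingerprint(key_b64):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def pin_host_key(scan_output, host, expected_fp, known_hosts):
    """Append host's key to known_hosts only if it matches expected_fp.

    expected_fp must come from a trusted channel (assumption: e.g. the
    server administrator), never from the same network scan.
    Returns True if a matching entry is present afterwards, else False.
    """
    for line in scan_output.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 3 or fields[0] != host:
            continue
        try:
            if fingerprint(fields[2]) != expected_fp:
                continue  # mismatch: do not trust this key
        except ValueError:
            continue  # malformed base64 in the scan output
        entry = " ".join(fields[:3])
        existing = []
        if os.path.exists(known_hosts):
            with open(known_hosts) as f:
                existing = f.read().splitlines()
        if entry not in existing:
            with open(known_hosts, "a") as f:
                f.write(entry + "\n")
        return True
    return False

def ssh_argv(host, known_hosts):
    """ssh command line that fails instead of prompting on an unknown key."""
    return ["ssh", "-o", "StrictHostKeyChecking=yes",
            "-o", "UserKnownHostsFile=" + known_hosts,
            "-o", "BatchMode=yes", host]

if __name__ == "__main__":
    print(fingerprint(SAMPLE_SCAN.split()[2]))
```

With the key pinned this way, a later host key change makes ssh exit with an error rather than silently accepting the new key.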
+5  A: 

The fact that ssh asks if you want to connect even if the host's public key isn't checked yet is the result of having StrictHostKeyChecking ask (or yes) in your /etc/ssh/ssh_config or ~/.ssh/config. You can set it to no if you want to automatically add unknown host keys to your known_hosts file. If you don't want to make this a permanent configuration change, you can also use it on the command line:

system("ssh -o StrictHostKeyChecking=no test.host.com");

In either case, ssh will issue a warning on host key mismatches and will disable password authentication because of possible man-in-the-middle attacks. You can still log in with public-key authentication.

Jonas
+1: for me this is the correct answer, not the accepted one!
Lars
+1 for you: I have to agree; somehow I got confused by the strange grammar.
Aaron Digulla