At my new job, I haven't had as many issues in that department but I do re-image servers quite a bit and then need to SSH back into the machine and get those pesky errors informing me there might be a man-in-the-middle attack. Well, this is an internal firewalled server, so that's extremely unlikely.
When this happened I started off by running ssh-keygen -R [hostname|IP address]
and that worked well, but if you by chance have more than one known_hosts file under your .ssh it might not work.
When that became a little more tedious I tried just deleting the known_hosts* file(s) under .ssh. That worked too, but it's a little too much for the task at hand. Kinda like taking a sledgehammer to a small problem.
I ultimately decided that I wanted something a little less severe that would tackle the short-term problem. The best solution is to pass command line arguments when you SSH.
ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@[hostname|IP address]
I found a few sites that mentioned this, but it was Linux Commando who provided good detail. Thanks.
Since I was also doing SSH scripting with Perl, I thought I would add a step to my script to wait for the SSH daemon to start after a re-image/reboot.
Here's the code, and it was a little more difficult to get to work since I don't work with Perl as regularly (although more recently) and the Net::SSH::Perl documentation could offer a few more examples of how to set up the options.
Here's the code:
use Net::SSH::Perl;

# $passedHost, $user and $pass are set earlier in the script.
my $ssh;
eval
{
    # Disable host key checking and use an empty known_hosts file, the same
    # thing the command-line flags above do. Both are constructor parameters;
    # login() only takes the user name and password.
    my %params = (
        strict_host_key_checking => "no",
        options                  => ["UserKnownHostsFile /dev/null"],
    );
    $ssh = Net::SSH::Perl->new($passedHost, %params);
    $ssh->login($user, $pass);
};
if ($@) {
    warn "Cannot SSH yet. Here's the error message below:\n$@Waiting 30 seconds for SSH daemon to come up.\n";
    sleep 30;    # only wait when the login failed
}
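As an added example (not the original post's script and not Net::SSH::Perl's own code), here is the same wait turned into a retry loop that keeps trying until the daemon accepts a login or a deadline passes. The host, user and password are assumed to come from the caller; the per-run known_hosts file is an assumption of mine, so that the key learned on the first successful connection is checked on every later connection in the same run instead of never being checked at all.

```perl
#!/usr/bin/perl
# Added example: poll a freshly re-imaged host until sshd accepts a login.
use strict;
use warnings;
use File::Temp qw(tempfile);
use Net::SSH::Perl;

# Returns a logged-in Net::SSH::Perl session, or dies once the deadline passes.
sub wait_for_ssh {
    my ($host, $user, $pass, %opt) = @_;
    my $timeout  = $opt{timeout}  // 600;   # give up after 10 minutes
    my $interval = $opt{interval} // 30;    # seconds between attempts
    my $deadline = time + $timeout;

    # Scratch known_hosts for this run only: the re-imaged host's new key is
    # recorded on the first connect and enforced for the rest of the run,
    # without touching (or having to purge) the real ~/.ssh/known_hosts.
    my (undef, $known_hosts) =
        tempfile("known_hosts_XXXXXX", TMPDIR => 1, UNLINK => 1);

    my $attempt = 0;
    while (1) {
        $attempt++;
        my $ssh = eval {
            my $s = Net::SSH::Perl->new(
                $host,
                strict_host_key_checking => "no",
                options => ["UserKnownHostsFile $known_hosts"],
            );
            $s->login($user, $pass);   # dies on refused connection or bad auth
            $s;
        };
        return $ssh if $ssh;

        my $err = $@ || "unknown error";
        chomp $err;
        die "sshd on $host not reachable after $attempt attempts: $err\n"
            if time >= $deadline;
        warn "attempt $attempt: $err; retrying in ${interval}s\n";
        sleep $interval;
    }
}

# Usage with constructed values (host from the documentation range):
# my $ssh = wait_for_ssh("192.0.2.10", "root", $ENV{REIMAGE_PASS}, timeout => 900);
# my ($out, $err, $exit) = $ssh->cmd("uptime");
```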