How to disable StrictHostKeyChecking

Samuel Mutel

Will it override the default option StrictHostKeyChecking=yes?
This part is hardcoded in the code, no?
 

Fredda

With the "-e" option you have the ability to add options to the ssh call. Take a look in the rsync manpage for examples.
You are talking about "rsync Tasks" from the FreeNAS menu, right?
You could also try to edit the /usr/local/etc/ssh/ssh_config file, but that will probably be back after a reboot.
 

Samuel Mutel

Yes, I am speaking about Rsync Tasks in the FreeNAS menu.
I tried to change the system ssh_config and also the .ssh/config in the home of the user used for rsync. It is working on the SSH console but it's not working on the rsync tasks.
 

Fredda

Please note there are two different ssh_config files, one located in /etc/ssh, the other located in /usr/local/etc/ssh.

You could try another thing: Log in as the user defined to run the rsync task in your FreeNAS and from there log in via ssh into the rsync destination machine. You should be prompted if you want to add the host key to the known_hosts file. Also check that file for offending keys and remove them.

From now on it should work with StrictHostKeyChecking=yes
 

Samuel Mutel

Yes, currently I am using the known_hosts of the user which is in charge of the backup.
But if the monitored server is destroyed and recreated, I need to manually accept the SSH key again.
 

Fredda

If ssh accepts the local .ssh/known_hosts it should also accept the local .ssh/config file.
So I can only assume the rsync task enforces the strict version. You could check for the actual rsync command from shell when it is running.
From a security perspective I think the behavior is like it should be. How often does the server change its key? It should not do that too often.
Again, if you really need StrictHostKeyChecking=no, as I said, check the "-e" option of rsync.
Or you could run a cronjob using ssh-keyscan to update the known_hosts automatically.
 

Samuel Mutel

With new tools like Terraform, servers are destroyed and recreated more often than previously.
I will try your idea of crontab. Thanks.
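
The ssh-keyscan cron job suggested in the thread, sketched as an added example (not code from any poster or from FreeNAS). It replaces one host's known_hosts entry with the scanned keys and reports when a key actually changed, because accepting whatever ssh-keyscan returns verifies nothing by itself. The function name, return codes and script path are hypothetical, and it assumes unhashed entries with one host name per line on the default port.

```shell
#!/bin/sh
# Added example. Reads ssh-keyscan output on stdin so StrictHostKeyChecking=yes
# can stay enabled for the rsync task while known_hosts follows rebuilt servers.
# Returns: 0 = keys unchanged, 3 = entry added or replaced, 1 = empty scan,
#          2 = could not create a temporary file.
update_known_host() {
    host=$1; kh=$2
    # Keep only well-formed "host keytype base64key" lines for this host.
    new=$(awk -v h="$host" \
        '$1 == h && NF >= 3 && $2 ~ /^(ssh-|ecdsa-)/ { print $1, $2, $3 }' | sort -u)
    # Empty or failed scan: keep the existing entries rather than wiping them.
    [ -n "$new" ] || return 1
    touch "$kh"
    old=$(awk -v h="$host" '$1 == h { print $1, $2, $3 }' "$kh" | sort -u)
    [ "$new" = "$old" ] && return 0
    tmp=$(mktemp "$kh.XXXXXX") || return 2
    # Copy every other host's entries, then append the freshly scanned keys.
    awk -v h="$host" '$1 != h' "$kh" > "$tmp"
    printf '%s\n' "$new" >> "$tmp"
    chmod 600 "$tmp"
    mv "$tmp" "$kh"
    # Log the change so an unexpected key rotation can be reviewed afterwards.
    [ -n "$old" ] && echo "host key CHANGED for $host" >&2 \
                  || echo "host key added for $host" >&2
    return 3
}

# When called as "script HOST KNOWN_HOSTS_FILE" (e.g. from cron), scan and update.
if [ $# -eq 2 ]; then
    ssh-keyscan -T 5 "$1" 2>/dev/null | update_known_host "$1" "$2"
fi
```

Run it from the crontab of the user that owns the rsync task, and treat a "CHANGED" message for a server that was not rebuilt as something to investigate before the next backup.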
 