andrewchilds
commented
10 years ago I agree that the IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! warnings are annoying when you're creating and destroying machines, but it's warning you for a reason, and I don't think we should disable them by default. Here are a couple alternatives that might work and won't throw out man-in-the-middle protection:
- I could add an overcast wrapper around
ssh-keygen -R [hostname]that you use manually:overcast forget [instance|cluster|all]. Not sure if "forget" is the right word to use for the command, but something like that. - I could run
ssh-keygen -R [hostname]automatically duringovercast [provider] createandovercast [provider] destroy. This approach will only work if you use Overcast to create/destroy your machines. - I could add a
--disable-known-hostsflag to therunandsshcommands, but it would have to be used all the time for that instance. Doesn't seem like a great option.
I think options 1 and 2 are the way to go, as that covers both Overcast-managed machines as well as machines managed elsewhere. Thoughts?
References:
thariman
Hi Andrew,
Could you add "-o UserKnownHostsFile=/dev/null" for ssh so it will not add new host for known_hosts useful if we often create and destroy vm to prevent stale information.
Thank you