Automatically "accept & save"


ac710
02-21-2005, 11:40 PM
When logging in to a ssh server for the first time with SecureCRT, regarding the host key database, it asks if I want to Accept Once, Accept & Save, or Cancel.
Is there any way to make it automatically Accept & Save every time (for a specific server).

The reason is, my ip address on the server seems to change too frequently, and every time it does, when I try to connect via SecureCRT, it asks me again about the host key. This prevents "auto reconnect" from working as I still have to be there to manually connect.

Thanks

ac710
05-10-2005, 08:29 AM
Anyone have any idea about this?

When logging in to a ssh server for the first time with SecureCRT, regarding the host key database, it asks if I want to Accept Once, Accept & Save, or Cancel.
Is there any way to make it automatically Accept & Save every time (for a specific server).

The reason is, my ip address on the server seems to change too frequently, and every time it does, when I try to connect via SecureCRT, it asks me again about the host key. This prevents "auto reconnect" from working as I still have to be there to manually connect.

Thanks

bocks
05-10-2005, 09:42 AM
When logging in to a ssh server for the first time with SecureCRT, regarding the host key database, it asks if I want to Accept Once, Accept & Save, or Cancel.
Is there any way to make it automatically Accept & Save every time (for a specific server).

The reason is, my ip address on the server seems to change too frequently, and every time it does, when I try to connect via SecureCRT, it asks me again about the host key. This prevents "auto reconnect" from working as I still have to be there to manually connect.

Thanks

Hello ac710,

In SecureCRT, there isn't a way to have the server's host key accepted automatically.
Generally, the only time that this question should be asked is if either the server's host key or IP address changes.

From your description it sounds like you get this message fairly often.

Do you see this message every time that you connect?

Is the server using DHCP to get an IP address?

Thanks,

-bocks

FuzzyFox
05-24-2005, 11:17 PM
What seems clear is that the user is running a server which has a dynamic IP address. He probably uses a dynamic DNS service to help him find his server wherever it moves to on the Internet. In such a case, though, SecureCRT is constantly asking him to confirm the host key, because the IP is different.

Maybe SCRT can use the hostname instead of the IP to find that the host is indeed using the same host key, and avoid prompting to store the new one?

bocks
05-26-2005, 08:33 AM
Hi FuzzyFox,
Maybe SCRT can use the hostname instead of the IP to find that the host is indeed using the same host key, and avoid prompting to store the new one?
SecureCRT uses both the IP address and the system name to index a host key. If either changes, then the user is prompted to determine if the system that they are connecting to is still trusted. By notifying the user of this change, it helps to prevent someone attempting to spoof the connection and intercept the user.

The feature that ac710 requested was a flag that would allow SecureCRT to automatically save host keys without having to display the dialog to save the new host key.

This ability would allow the user to continue to connect using the system name, and when the IP address changes, he would not be prompted to save the key for the new IP address. This ability does have some security issues involved.

Thanks

-bocks

bocks
05-26-2005, 08:49 AM
When logging in to a ssh server for the first time with SecureCRT, regarding the host key database, it asks if I want to Accept Once, Accept & Save, or Cancel.
Is there any way to make it automatically Accept & Save every time (for a specific server).

We have created a feature request for a Session option in SecureCRT to allow host keys to be saved automatically. This would allow a user to have multiple sessions and specify only those sessions that need this ability. For other sessions, the user would still be prompted by default.

If anyone would like to be notified when a future release of SecureCRT that has this ability incorporated becomes available, please send a message to support@vandyke.com requesting to be added to the feature request and referencing this thread:

http://forums.vandyke.com/showthread.php?p=3475

Once we receive the message, we will add your contact information to the feature request.

Thanks,

-bocks

damianj
06-24-2005, 05:28 AM
Once you perform "accept & save", where is the host key DB stored, locally?

bocks
06-24-2005, 08:45 AM
Hi damianj,
Once you perform "accept & save", where is the host key DB stored, locally?

The default location for the host key database is:
C:\Documents and Settings\username\Application Data\VanDyke\Known Hosts
This directory contains the Host keys that are saved on your system. In general, there can be two entries for each host that you connect to. One for the IP address, and another for the system name.

If there is a change in either the key, IP address, or the host name, you will be prompted about a change in the Host key and asked to confirm and save again.

Does this help?

-bocks

Maureen
06-29-2006, 06:36 PM
When logging in to a ssh server for the first time with SecureCRT, regarding the host key database, it asks if I want to Accept Once, Accept & Save, or Cancel.
Is there any way to make it automatically Accept & Save every time (for a specific server).
I wanted to let you know that the ability to automatically accept host keys has been added to SecureCRT 5.2, which is in pre-beta testing. If you're interested in trying it, please send e-mail to me at Maureen.Jett@vandyke.com.

Maureen

lordyu
10-29-2006, 08:45 AM
I wanted to let you know that the ability to automatically accept host keys has been added to SecureCRT 5.2, which is in pre-beta testing. If you're interested in trying it, please send e-mail to me at Maureen.Jett@vandyke.com.

Maureen
Where exactly in SecureCRT 5.2 do I enable this option?

tnygren
10-30-2006, 08:39 AM
Hi Lordyu,

This option is enabled from a command line option in SecureCRT.

The shortcut for SecureCRT can be modified to include this switch to automatically accept host keys.

The command line would look like the following if SecureCRT was installed to the default location:

"C:\Program Files\SecureCRT\SecureCRT.exe" /ACCEPTHOSTKEYS

Was this the information needed?

lordyu
10-31-2006, 05:55 PM
Hi Lordyu,

This option is enabled from a command line option in SecureCRT.

The shortcut for SecureCRT can be modified to include this switch to automatically accept host keys.

The command line would look like the following if SecureCRT was installed to the default location:

"C:\Program Files\SecureCRT\SecureCRT.exe" /ACCEPTHOSTKEYS

Was this the information needed?
Hi, tnygren. Thanks. But it doesn't seem to work. That confirmation box is still there whenever the IP changes.

tnygren
11-01-2006, 09:14 AM
Hi Lordyu,

You will also need to specify the host that you connect to on the command line for the '/ACCEPTHOSTKEYS' option to work.

For example, if I am using a session called "local", the command line would look like:

"C:\Program Files\SecureCRT\SecureCRT.exe" /S "local" /ACCEPTHOSTKEYS

For a specific IP:

"C:\Program Files\SecureCRT\SecureCRT.exe" /SSH2 127.0.0.1 /ACCEPTHOSTKEYS

Does this help?

lordyu
11-02-2006, 08:55 PM
"C:\Program Files\SecureCRT\SecureCRT.exe" /S "local" /ACCEPTHOSTKEYS
Thanks, tnygren. That worked.

tnygren
11-03-2006, 07:38 AM
Hi Lordyu,

I'm happy to hear that the command line switch is now working!

Please let us know if you have any other questions.

SteveB-in-LV
06-30-2010, 11:49 AM
Along similar lines to the original feature request and resulting command line switch;

Is there a setting in a session.ini file that will allow me to automatically "Accept & Save" a new host key?

If there is not a setting in a session.ini to accomplish this, please consider this message a feature request for the same.

I've set up a large collection of .ini session files via a script but now I need to find a way to automatically create the host key database for all my devices.

Thanks.
--Steve

----------------------------------------------------------

I know that many people out there will want to initially reply that this kind of a feature could represent a huge security risk but in my situation, it does not.

I'm working with hundreds of nodes on a closed network (i.e., there is absolutely no access to these devices from the outside), but for reasons beyond my control, I'm still required to use SSH.

I therefore can imagine that a feature like this would be very useful to others working in a similar environment (e.g., HPC clusters with hundreds or thousands of nodes).

If there are still concerns that this kind of a feature would create too large a security threat, maybe VanDyke Software could mitigate the threat a little by requiring the feature be re-enabled after an initial key has been accepted and saved. In this way, a user could automatically create an initial, Known Hosts, key database (e.g., in a lab environment during the initial and more secure staging of equipment), but would then be notified by SecureCRT if the host's key changes after the initial setup (e.g., if a third party was to attempt a man-in-the-middle attack after the equipment had been deployed).
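
The trade-off discussed in this thread, as an added example that is not part of the original posts and is not SecureCRT's code or database format: a toy host-key store indexed by both hostname and IP, replayed under three policies. The policy names, hostname, addresses and fingerprints are constructed; `accept_all` and `first_use` model a blanket auto-accept and the accept-only-the-initial-key idea from the post above, not any actual product option.

```python
from dataclasses import dataclass, field

POLICIES = ("prompt", "accept_all", "first_use")  # hypothetical policy names


@dataclass
class KnownHosts:
    """Toy host-key store indexed by hostname and by IP (constructed model)."""
    by_name: dict = field(default_factory=dict)  # hostname -> key fingerprint
    by_ip: dict = field(default_factory=dict)    # IP address -> key fingerprint

    def classify(self, name, ip, fp):
        seen = [k for k in (self.by_name.get(name), self.by_ip.get(ip)) if k is not None]
        if any(k != fp for k in seen):
            return "changed"  # a stored entry disagrees with the presented key
        if not seen:
            return "new"      # neither the name nor the IP is on record
        if len(seen) == 1:
            return "moved"    # same key, but one index (e.g. a new IP) is unseen
        return "known"

    def decide(self, name, ip, fp, policy):
        if policy not in POLICIES:
            raise ValueError(f"unknown policy: {policy}")
        status = self.classify(name, ip, fp)
        if status == "known":
            return "connect"
        if policy == "first_use" and status == "changed":
            return "alert"    # never overwrite a key that was already pinned
        # Save under both indexes. For "prompt" this assumes the operator
        # answers the dialog with Accept & Save every time.
        self.by_name[name] = fp
        self.by_ip[ip] = fp
        return "ask" if policy == "prompt" else "connect"


def run_scenario(policy):
    """Replay constructed attempts: first contact, repeat, IP change, key change."""
    store = KnownHosts()
    attempts = [
        ("lab.example", "192.0.2.10", "fp-A"),  # first contact
        ("lab.example", "192.0.2.10", "fp-A"),  # same name, IP and key
        ("lab.example", "192.0.2.77", "fp-A"),  # address changed, key unchanged
        ("lab.example", "192.0.2.77", "fp-B"),  # key changed: possible interception
    ]
    return [store.decide(name, ip, fp, policy) for name, ip, fp in attempts]


if __name__ == "__main__":
    for p in POLICIES:
        print(p, run_scenario(p))
```

Only `first_use` both reconnects unattended after the address change and still stops on the changed key; `accept_all` connects silently in the last attempt.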

miked
06-30-2010, 12:47 PM
Hello,

Currently there is not a .ini file option to accept and save hostkeys, but I can see how it would help you and others in your situation. You aren't concerned about the hostkey because you know beyond reasonable doubt that the network is secure. I have added your forum post to our request database and if implemented in a future release we'll post a follow up message to this thread. If you would like direct e-mail notification, please let us know (https://secure.vandyke.com/cgi-bin/customer_forms.php?cft=support) and refer to forum thread 456.

If you'd like to spend a few minutes up front to create the hostkeys, you could right click on the Sessions folder in the Connect dialog, then select Connect In Tabs. SecureCRT will attempt to connect to every session (not just SSH). You would be prompted with SSH sessions to accept and save the hostkey. It's not elegant, and depending on how many sessions you have, could take a long time to complete, but it is a fairly straightforward way to get the hostkeys.

If you want to try this method, you should enable Connect to multiple sessions sequentially in Global Options / Terminal / Advanced. If you don't do this and you are trying to connect to hundreds of sessions, chances are that some sessions will time out waiting for you to accept and save the hostkey.

SteveB-in-LV
06-30-2010, 05:46 PM
Thanks Mike-D for the response and your suggested work-around.

I look forward to seeing this setting implemented in a future .ini file setting.


Thanks.
--Steve