SSH known-hosts stuff

ssh

#1

Currently, when you ssh into a build machine:

ssh -p 64661 ubuntu@54.90.123.234

You get all this noise, it fills up known_hosts, and I suspect eventually key clashes, since AFAIK the keys are regenerated each build?

The authenticity of host '[54.90.123.234]:64661 ([54.90.123.234]:64661)' can't be established.
ECDSA key fingerprint is SHA256:64BZGerX0gV8dfhwaDx2d6NzQBug2dVTmDSFJgj90.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[54.90.123.234]:64661' (ECDSA) to the list of known hosts.

Now, we can fix that on the client side via:

ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -p 64600 ubuntu@54.90.123.234

But if the ssh mapped to a domain name (eg. 54-90-123-234.build.circleci.com) then we could add something to our .ssh/config file to permanently suppress it:

Host *.build.circleci.com 
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null
  User ubuntu
  LogLevel QUIET

Then the instructions could become:

ssh 54-90-123-234.build.circleci.com

Thoughts?


#2