rsync through multiple ssh hops with password authentication prompt

Wayne Davison wayned at
Fri Oct 21 16:35:04 GMT 2005

On Fri, Oct 21, 2005 at 11:55:22AM -0400, Jay Fenlason wrote:
> If you have the keys for both hosts in your ~/.ssh/known_hosts file,
> ssh doesn't complain at all, even with host checking enabled.

It would complain if the "HostKeyAlias" config item wasn't used (and the
known_hosts file already had a conflicting entry for "localhost") which
was my point -- my statement was (at least intended as) a compliment to
Matt on noticing the proper ssh config items to make the tunnel work and
get the keys associated with the correct hostnames.

> The fun part is getting both entries into the file in the first place.

I haven't had a problem with that when using the StrictHostKeyChecking
option to ssh.  Setting it to "ask" makes ssh ask me if it should add a
new key, and it then takes care of maintaining the entries in the
known_hosts file.  You can either set this option in your ~/.ssh/config
file (and make sure you don't train your fingers to automatically answer
"yes" to an unexpected unknown-hostkey prompt), or you can specify the
option only when needed on the command-line for ssh (use "no" or "ask"):

    ssh -o StrictHostKeyChecking=no host


More information about the rsync mailing list