Friday 26 August 2011

SSH in EC2 cluster without annoying questions

Ever wanted to fan out a file to all your cluster nodes in EC2 using scp? This shows the option you need to pass to scp/ssh to make sure it does not annoy you (for example in a script) with questions about known hosts:
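#!/bin/bash
# Copy index-config.xml to every host listed in the file slaves-to-copy-to.
for host in $(cat slaves-to-copy-to); do
    # "StrictHostKeyChecking no": do not ask about unknown host keys
    scp -o "StrictHostKeyChecking no" index-config.xml "$host":/home/hadoop/index-config.xml
done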
The magic is in the option StrictHostKeyChecking (from the ssh man-page):
StrictHostKeyChecking
    If this flag is set to "yes", ssh(1) will never automatically add host keys to the ~/.ssh/known_hosts file, and refuses to connect to hosts whose host key has changed. This provides maximum protection against trojan horse attacks, though it can be annoying when the /etc/ssh/ssh_known_hosts file is poorly maintained or when connections to new hosts are frequently made. This option forces the user to manually add all new hosts. If this flag is set to "no", ssh will automatically add new host keys to the user known hosts files. If this flag is set to "ask", new host keys will be added to the user known host files only after the user has confirmed that is what they really want to do, and ssh will refuse to connect to hosts whose host key has changed. The host keys of known hosts will be verified automatically in all cases. The argument must be "yes", "no", or "ask". The default is "ask".
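With "no", a new host's key is added without anyone verifying it, so a script can also stay prompt-free the other way round: set the flag to "yes" and point ssh at a known-hosts file that already holds the cluster's keys. The sketch below is an added example, not code from the original post; the function names and the pinned file are hypothetical, and it assumes unhashed known_hosts lines ("host[,host...] keytype key") collected through a channel you trust.

```shell
#!/bin/bash
# Added example: fan-out that never prompts and still verifies host keys.
# Assumption: $2/$4 is a known_hosts file with unhashed host names.

# unpinned_hosts HOSTS_FILE KNOWN_HOSTS
# Print every host in HOSTS_FILE that has no usable entry in KNOWN_HOSTS.
unpinned_hosts() {
    awk -v kh="$2" '
        # Skip blank lines, comments and @cert-authority/@revoked marker lines.
        NF == 0 || $1 ~ /^[#@]/ { next }
        # Known-hosts file: field 1 is a comma-separated list of host names.
        FILENAME == kh {
            n = split($1, names, ",")
            for (i = 1; i <= n; i++) pinned[names[i]] = 1
            next
        }
        # Host list: report hosts that were never pinned.
        !($1 in pinned) { print $1 }
    ' "$2" "$1"
}

# fan_out LOCAL_FILE REMOTE_PATH HOSTS_FILE KNOWN_HOSTS
# Refuse to start if any host lacks a pinned key, then copy to each host.
fan_out() {
    missing=$(unpinned_hosts "$3" "$4")
    if [ -n "$missing" ]; then
        echo "no pinned host key for:" $missing >&2
        return 1
    fi
    while read -r host; do
        case $host in ''|'#'*) continue ;; esac
        # BatchMode=yes: fail instead of prompting.
        # StrictHostKeyChecking=yes: unknown or changed keys abort the copy.
        scp -o BatchMode=yes -o StrictHostKeyChecking=yes \
            -o UserKnownHostsFile="$4" \
            "$1" "$host:$2" </dev/null || return 1
    done < "$3"
}

# Usage, with the file names from the post and a hypothetical pinned file:
#   fan_out index-config.xml /home/hadoop/index-config.xml \
#           slaves-to-copy-to cluster_known_hosts
```

A host that is missing from the pinned file stops the run before anything is copied, and a host whose key has changed makes scp exit non-zero instead of asking.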