andrewchilds / overcast

Orchestrate VMs from your terminal

Adding ssh option to not add new host to known_hosts

thariman opened this issue

Hi Andrew,

Could you add "-o UserKnownHostsFile=/dev/null" for ssh so it will not add new hosts to
known_hosts? This is useful if we often create and destroy VMs, to prevent stale information.

Thank you

I agree that the IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! warnings are annoying when you're creating and destroying machines, but it's warning you for a reason, and I don't think we should disable them by default. Here are a couple alternatives that might work and won't throw out man-in-the-middle protection:

  1. I could add an overcast wrapper around ssh-keygen -R [hostname] that you use manually: overcast forget [instance|cluster|all]. Not sure if "forget" is the right word to use for the command, but something like that.
  2. I could run ssh-keygen -R [hostname] automatically during overcast [provider] create and overcast [provider] destroy. This approach will only work if you use Overcast to create/destroy your machines.
  3. I could add a --disable-known-hosts flag to the run and ssh commands, but it would have to be used all the time for that instance. Doesn't seem like a great option.

I think options 1 and 2 are the way to go, as that covers both Overcast-managed machines as well as machines managed elsewhere. Thoughts?


I ended up doing the latter two - I don't think it's worth adding a dedicated command. As of 0.4.12, overcast [provider] destroy [instance] and overcast instance remove [instance] now automatically scrub your known_hosts file during deletion.

You can also pass in arbitrary ssh arguments to the overcast run command now, so if you really wanted to you could do the following if you're creating and destroying your machines somewhere else:

overcast run [instance] [command] --ssh-args "-o UserKnownHostsFile=/dev/null"

That sounds good. Thank you.
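
What scrubbing a destroyed instance out of known_hosts involves, as an added example (not Overcast's code and not posted by anyone in this thread): a simplified stand-in for `ssh-keygen -R` that handles plain, `[host]:port` and hashed (`|1|salt|hash`) entries while leaving every other host's key in place. The function names, hostnames, addresses and keys are constructed for illustration, and wildcard host patterns are not handled.

```javascript
// Added example (not Overcast's code): remove one host's entries from known_hosts text.
const crypto = require('crypto');

// Name as stored in known_hosts: bare host for port 22, "[host]:port" otherwise.
function storedName(host, port = 22) {
  return port === 22 ? host : `[${host}]:${port}`;
}

// True if one host-field entry (plain, or hashed "|1|salt|hash") names `name`.
function fieldMatches(entry, name) {
  if (!entry.startsWith('|1|')) return entry === name; // exact match only, no wildcards
  const [salt, hash] = entry.slice(3).split('|');
  if (!salt || !hash) return false;
  const mac = crypto.createHmac('sha1', Buffer.from(salt, 'base64')).update(name).digest();
  const want = Buffer.from(hash, 'base64');
  return want.length === mac.length && crypto.timingSafeEqual(mac, want);
}

// Returns { text, removed }. Comments, blank lines and marker lines
// (@cert-authority, @revoked) are always kept.
function scrubKnownHosts(text, host, port = 22) {
  const name = storedName(host, port);
  let removed = 0;
  const kept = text.split('\n').filter((line) => {
    const t = line.trim();
    if (t === '' || t.startsWith('#') || t.startsWith('@')) return true;
    const hostField = t.split(/\s+/)[0];
    const hit = hostField.split(',').some((e) => fieldMatches(e, name));
    if (hit) removed += 1;
    return !hit;
  });
  return { text: kept.join('\n'), removed };
}

// Constructed sample file: keys are placeholders, addresses are documentation ranges.
function hashedEntry(name, saltB64) {
  const mac = crypto.createHmac('sha1', Buffer.from(saltB64, 'base64')).update(name).digest('base64');
  return `|1|${saltB64}|${mac}`;
}
const SALT = Buffer.from('constructed-salt-0001').toString('base64');
const SAMPLE = [
  '# constructed sample',
  'vm-old.example.test,192.0.2.10 ssh-ed25519 AAAAC3PLACEHOLDER1',
  `${hashedEntry('192.0.2.10', SALT)} ssh-rsa AAAAB3PLACEHOLDER2`,
  '[192.0.2.10]:2222 ssh-ed25519 AAAAC3PLACEHOLDER3',
  'db.example.test ssh-ed25519 AAAAC3PLACEHOLDER4',
  '@cert-authority *.example.test ssh-ed25519 AAAAC3PLACEHOLDER5',
].join('\n');
```

Calling `scrubKnownHosts(SAMPLE, '192.0.2.10')` drops the plain and hashed lines for that address and keeps the port-2222 entry, the other host and the CA line.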