unssh: what purpose does it serve?

Today I was reviewing CVS commits to ports, and I saw this flow across my screen:

 Edit ports/security/unssh/Makefile
  Add delta 1.4 2011. pav
 Edit ports/security/unssh/distinfo
  Add delta 1.3 2011. pav
 Delete ports/security/unssh/files/extra-patch-unssh.sh.in

I immediately wondered what unssh was. Apparently it’s a shell script that modifies (removes lines from) your ~/.ssh/known_hosts file when run with the same arguments as ssh.

This immediately made me think “why is this even necessary when OpenSSH already has the machinery to accomplish this task?” Just edit your ~/.ssh/config and enter the following:

Host gw
StrictHostKeyChecking no

The only difference is that this never removes the outdated (“offending”) entry from ~/.ssh/known_hosts, so you will keep seeing the nasty man-in-the-middle warning every time you SSH to the host “gw”. You will still be able to connect, with one caveat: when a stored key no longer matches and StrictHostKeyChecking is off, OpenSSH disables password and keyboard-interactive authentication, along with agent, X11 and port forwarding, for that session, so the host has to accept public-key authentication. Note also that StrictHostKeyChecking no silently accepts and records the key of any host that is not yet in known_hosts at all.

For a machine you know is going to regenerate its SSH host keys all the time, the nastygram carries no information you can act on, so ignoring it costs little: what you give up is the ability to tell a legitimate key change from a real man-in-the-middle, and anyone who goes to the trouble of finding and using unssh has already decided to accept that for this one host. Keep the relaxation scoped to that one Host stanza rather than a bare Host *, so every other host you connect to still gets strict checking.

ssh_config(5) does have an equivalent of -q: ssh -q simply sets the log level to QUIET, and LogLevel QUIET in the same Host stanza suppresses the warning banner in exactly the same way. StrictHostKeyChecking no together with LogLevel QUIET is therefore a workable combination for this exact situation, as long as you are happy using public-key authentication to that host.
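For the case where you do want the stale line gone, the way unssh removes it, here is an added example that is not the unssh port's own script and not from the original post: a POSIX shell function that drops every known_hosts entry for a host using only awk (so it runs without ssh-keygen), plus a demo that runs it over a constructed known_hosts file. The hostname gw is carried over from the config above; the other names, the file layout and the key blobs are made up for the demo and are not real keys.

```shell
#!/bin/sh
# Added example for this post: a plain-shell stand-in for what unssh does.
# It is not the unssh port's own script. unssh_remove HOST [FILE] drops
# every key entry for HOST from a known_hosts file (default
# ~/.ssh/known_hosts) using only awk, so it needs no ssh-keygen.
# HOST is compared exactly against each comma-separated name in the host
# field, including the "[host]:port" form (any port) and entries carrying
# a leading "@cert-authority" or "@revoked" marker. Hashed entries
# ("|1|...") cannot be matched by name; use `ssh-keygen -R HOST -f FILE`
# for those.

unssh_remove() {
    host=$1
    file=${2:-$HOME/.ssh/known_hosts}
    tmp="$file.unssh.$$"
    awk -v h="$host" '
        # comments and blank lines pass through untouched
        /^#/ || NF == 0 { print; next }
        {
            # a leading @marker shifts the host field to $2
            if ($1 ~ /^@/) hf = $2; else hf = $1
            n = split(hf, names, ",")
            keep = 1
            for (i = 1; i <= n; i++) {
                nm = names[i]
                # unwrap the [host]:port form so the port does not matter
                if (nm ~ /^\[.*\]:[0-9]+$/) {
                    sub(/^\[/, "", nm)
                    sub(/\]:[0-9]+$/, "", nm)
                }
                if (nm == h) keep = 0
            }
            if (keep) print
        }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # overwrite in place (cat, not mv) so the file keeps its 0600 mode
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# known_hosts_names FILE: print the host field of every key entry, one per
# line, so the effect of a removal can be inspected.
known_hosts_names() {
    awk '/^#/ || NF == 0 { next }
         { if ($1 ~ /^@/) print $2; else print $1 }' "$1"
}

# unssh_demo: write a constructed known_hosts file (the key blobs are
# placeholders, not real keys), remove "gw" from it, and print what is left.
unssh_demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# constructed sample known_hosts
gw ssh-rsa AAAAB3NzaC1yc2EAAAADAQABplaceholder1
[gw]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5placeholder2
alpha,10.0.0.5 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5placeholder3
@cert-authority *.example.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABplaceholder4
EOF
    unssh_remove gw "$f"
    known_hosts_names "$f"
    rm -f "$f"
}
```

Running unssh_demo prints alpha,10.0.0.5 and *.example.net: both gw lines are gone, the other host and the CA marker line survive. If you would rather never store a key for such a host at all, the other OpenSSH-native option is to point UserKnownHostsFile for that Host stanza at /dev/null, which makes every connection look like a first contact, sidesteps the mismatch and the authentication restrictions that come with it, and with LogLevel QUIET prints nothing; keep that, too, confined to the one host that actually rotates its keys.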