Package: openssh-client
Version: 1:6.6p1-7
Severity: wishlist
ssh_config(5) says about CheckHostIP:
> This allows ssh to detect if a host key changed due to DNS spoofing.
I think the situations where that detection might be helpful are quite rare.
In the case of spoofing there will always be a message about the changed key
for the hostname.
On the other hand having it set to yes causes annoyance:
* UserKnownHostsFile grows for each host with dynamic DNS
* in networks with DHCP pools and dynamic DNS, IPs get shuffled around and
  you'll often get false alarms
* updating the hostkey of a multi-IPed server (perhaps a set of servers with
  RR DNS) by hand is hard because you have to find all the additional IP
  entries (with HashKnownHosts=on this might be even harder)
* when using openssh-known-hosts with filters you filter for hostnames, not
  IPs, because you can't know the IPs an organization (such as debian) will
  receive next for hosting their services:
  + UserKnownHostsFile will get entries for each IP
  + an updated hostkey in the centrally managed known_hosts file will not be
    changed in UserKnownHostsFile, leading to false alarms
I guess most people don't and shouldn't have to care about the IP address(es)
the server they connect to currently has; the connection between hostname and
hostkey is enough.
Therefore please set the default for CheckHostIP to no.
Greetings
Timo
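The report's third point (finding all the extra IP lines for one server, harder still with HashKnownHosts) is easier to see with a small known_hosts parser. The example below is added here and is not code from the bug report or from OpenSSH; the host name, addresses, key blob and salt are constructed sample values. It implements the hashed-host format ssh writes with HashKnownHosts=yes (`|1|base64(salt)|base64(HMAC-SHA1(salt, name))`), builds a constructed file in which CheckHostIP=yes has produced one line per address, and then shows the practical asymmetry: a hashed line can only be matched by a name you already know, but the key itself is never hashed, so every line for a server can still be found by searching for its key blob.

```python
import base64
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample values (not from the bug report): one host reachable on
# two addresses, so CheckHostIP=yes leaves the same key on several lines.
HOST = "mirror.example.org"
IPS = ["192.0.2.10", "192.0.2.11"]
KEY_TYPE = "ssh-ed25519"
KEY_BLOB = "AAAAC3NzaC1lZDI1NTE5AAAAIExampleKeyBlobNotARealKey00000000000000"
SALT = bytes(range(20))  # fixed 20-byte salt for reproducibility; ssh uses random bytes


@dataclass
class KnownHost:
    hostfield: str              # comma-separated names, or a "|1|salt|hash" token
    keytype: str
    key: str
    marker: Optional[str] = None  # "@cert-authority" / "@revoked" if present

    @property
    def hashed(self) -> bool:
        return self.hostfield.startswith("|1|")

    def matches(self, name: str) -> bool:
        """True if this line covers `name` (exact names only; no wildcards)."""
        if not self.hashed:
            return name in self.hostfield.split(",")
        # HashKnownHosts format: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=name))
        _, _, salt_b64, digest_b64 = self.hostfield.split("|")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64decode(digest_b64)
        actual = hmac.new(salt, name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(actual, expected)


def hash_host_name(name: str, salt: bytes) -> str:
    """Produce the hashed host token ssh writes when HashKnownHosts=yes."""
    digest = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|{}|{}".format(base64.b64encode(salt).decode(),
                            base64.b64encode(digest).decode())


def parse_known_hosts(text: str) -> List[KnownHost]:
    """Parse known_hosts lines: [@marker] hostfield keytype key [comment]."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        marker = fields.pop(0) if fields[0].startswith("@") else None
        if len(fields) < 3:
            continue  # malformed line; skipped, as ssh would
        entries.append(KnownHost(fields[0], fields[1], fields[2], marker))
    return entries


def lines_matching_name(entries: List[KnownHost], name: str) -> List[KnownHost]:
    """Lines covering one name: with hashing you must already know the name to ask."""
    return [e for e in entries if e.matches(name)]


def lines_with_key(entries: List[KnownHost], keytype: str, key: str) -> List[KnownHost]:
    """Every line carrying this key, hashed or not: the key blob is stored in the clear."""
    return [e for e in entries if e.keytype == keytype and e.key == key]


def build_sample_known_hosts() -> str:
    """Constructed file: one plain line (HashKnownHosts=no, host and first IP
    together) plus the per-name hashed lines ssh writes with HashKnownHosts=yes
    and CheckHostIP=yes (one line each for the hostname and every IP)."""
    plain = "{},{} {} {}".format(HOST, IPS[0], KEY_TYPE, KEY_BLOB)
    hashed = ["{} {} {}".format(hash_host_name(n, SALT), KEY_TYPE, KEY_BLOB)
              for n in [HOST] + IPS]
    return "\n".join([plain] + hashed) + "\n"


def demo():
    """Count lines found per name versus lines found by key for the sample file."""
    entries = parse_known_hosts(build_sample_known_hosts())
    by_name = {n: len(lines_matching_name(entries, n)) for n in [HOST] + IPS}
    by_key = len(lines_with_key(entries, KEY_TYPE, KEY_BLOB))
    return by_name, by_key


if __name__ == "__main__":
    by_name, by_key = demo()
    for name, count in by_name.items():
        print("{:20} {} line(s)".format(name, count))
    print("lines carrying the key:", by_key)
```

Searching by name finds two lines for the hostname and the first IP (the plain line plus its hashed copy) but only one for the second IP, and any address you did not think to test stays invisible in a hashed file. Searching by key finds all four lines at once, which is the reliable way to locate every stale entry when a multi-IP server's key is rotated.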