Re: ssh host ip/id management for dynamic dns servers

To: debian-user@lists.debian.org
Subject: Re: ssh host ip/id management for dynamic dns servers
From: "Karl E. Jorgensen" <karl@jorgensen.org.uk>
Date: Tue, 11 Feb 2014 11:04:23 +0000
Message-id: <20140211110423.GB13514@hawking>
In-reply-to: <CAOsGNSTRSFDXbCsURWww8VNbbyKhQjo56_91sxo3K7c--9Ko1A@mail.gmail.com>
References: <CAOsGNSTRSFDXbCsURWww8VNbbyKhQjo56_91sxo3K7c--9Ko1A@mail.gmail.com>

Hi

On Tue, Feb 11, 2014 at 09:53:32AM +1100, Zenaan Harkness wrote:
> With a dyndns type server, each time a new ip address happens, ssh
> login adds a new entry to .known_hosts
> 
> Is there a recommended way to handle this?

Turn off CheckHostIP ?

For the uninitiated, in your ~/.ssh/config file:

Host {{dns-name-of-host}}
     CheckHostIP no

See ssh_config(5) for details - the relevant part is:
     CheckHostIP
             If this flag is set to “yes”, ssh(1) will additionally check the host IP
             address in the known_hosts file.  This allows ssh to detect if a host key
             changed due to DNS spoofing.  If the option is set to “no”, the check
             will not be executed.  The default is “yes”.

Hope this helps

-- 
Karl E. Jorgensen

Reply to:

References:
- ssh host ip/id management for dynamic dns servers
  - From: Zenaan Harkness <zen@freedbms.net>

Prev by Date: Re: ssh host ip/id management for dynamic dns servers
Next by Date: Re: ssh host ip/id management for dynamic dns servers
Previous by thread: Re: ssh host ip/id management for dynamic dns servers
Next by thread: Xen + virt-manager errors
Index(es):
- Date
- Thread