
Re: ssh host ip/id management for dynamic dns servers [OT?]



On Tue 11 Feb 2014 at 06:52:10 -0700, Paul E Condon wrote:

> I'm puzzled about the apparent 'security theater' on this topic.
> Known host checking is done, I think, to defend against 'man in the
> middle', so when the known host key changes because of some event down
> in the bowels of dynamic dns, does one have any possibility of
> determining that it is truly *not* a man-in-the-middle attack? Is there
> some method for checking up on dynamic dns changes other than merely
> noting the new value and adapting to it?

The IP address of the machine may change but its fingerprint doesn't. So
you check that. Some people use 'VisualHostKey yes' as a memory aid.
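
The check described in the reply above, as an added example that is not part of the original post: it derives the OpenSSH-style SHA256 fingerprint from a host key line and compares it with a fingerprint pinned while the host still had its old address. The key material, the addresses and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct


def make_ed25519_blob(pub32: bytes) -> bytes:
    """Build an SSH wire-format ssh-ed25519 key blob (used only for sample data)."""
    name = b"ssh-ed25519"
    return struct.pack(">I", len(name)) + name + struct.pack(">I", len(pub32)) + pub32


def parse_host_key_line(line: str):
    """Split a 'hosts keytype base64key' line (unhashed known_hosts format)."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("not a host key line")
    hosts, key_type, key_b64 = fields[0], fields[1], fields[2]
    blob = base64.b64decode(key_b64, validate=True)
    # The blob carries its own length-prefixed type name; it must agree with field 2.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("key type does not match key blob")
    return hosts.split(","), key_type, blob


def sha256_fingerprint(blob: bytes) -> str:
    """'SHA256:' plus unpadded base64 of the SHA-256 digest of the key blob."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def same_host_key(pinned_fp: str, offered_line: str) -> bool:
    """True only if the offered key hashes to the pinned fingerprint."""
    _, _, blob = parse_host_key_line(offered_line)
    return hmac.compare_digest(pinned_fp.encode(), sha256_fingerprint(blob).encode())


# Constructed sample keys and documentation-range addresses, not real hosts.
REAL_KEY = base64.b64encode(make_ed25519_blob(bytes(range(32)))).decode()
OTHER_KEY = base64.b64encode(make_ed25519_blob(bytes(range(1, 33)))).decode()
OLD_LINE = f"203.0.113.10 ssh-ed25519 {REAL_KEY}"      # recorded before the IP changed
NEW_LINE = f"198.51.100.77 ssh-ed25519 {REAL_KEY}"     # same machine, new address
FOREIGN_LINE = f"198.51.100.77 ssh-ed25519 {OTHER_KEY}"  # different key at that address
PINNED = sha256_fingerprint(parse_host_key_line(OLD_LINE)[2])

if __name__ == "__main__":
    print("new address, same key:", same_host_key(PINNED, NEW_LINE))
    print("new address, other key:", same_host_key(PINNED, FOREIGN_LINE))
```

The pinned fingerprint is only as trustworthy as the channel it was first obtained over, so it should come from the server's console or another out-of-band source.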

