On 20140212_200320, Lars Noodén wrote:
On 02/12/2014 07:34 PM, Paul E Condon wrote:
...
Question: Suppose I encounter this situation of the 'known host' having
moved to a different IP address (or a different URL?), is there a way
to discover whether the change is due to a proper functioning DynDNS,
or to a somewhat unstealthy man-in-the-middle operation? ...
[...]
A changing IP leads to filling known_hosts with lots of entries, which
is what Zenaan's original question was about. After the first entry for
^^^^^^^^^^^^^^^^^
Yes, but I asked an OT question. The key in the known_hosts file is surely
not a private key of the host. Rather it is a key that the host
publishes to identify itself to all incoming traffic. What keeps a
good person, like a well-meaning employee of the NSA, from making a
copy of the published key and using the copy to spoof the site, in
order to check up on the legitimacy of the use of the ssh connection?