What are the actual security implications of setting CheckHostIP no
in SSH client configuration?
There are some discussions about this (eg. https://askubuntu.com/a/48339) and recommendations to set it to yes
for extra security (eg. https://security.stackexchange.com/a/8479, https://serverfault.com/a/193634), but some people also say it doesn't really matter for security (https://unix.stackexchange.com/a/285551).
What kinds of attacks are possible with CheckHostIP no
that are prevented/detected with CheckHostIP yes
?
Afterthought: does CheckHostIP no
mean that the SSH key of the target host is not checked at all? If so, how do I securely connect to a machine with dynamic IP address?