Preventing SSH RSA host key warnings for change of key vs IP address

9

1

I have a network with DHCP enabled, and also a computer that dual boots operating systems and has different SSH keys on each (and yes, I would like to keep different keys on each rather than copying the same identity/private key to each). Because the IP address does not change between operating systems because the MAC address is the same, when connecting to ssh, even when not using the IP address but the hostname via DNS/mDNS, I get the warning:

Warning: the RSA host key for 'hostname' differs from the key for the IP address '192.168.1.172'
Offending key for IP in /Users/user/.ssh/known_hosts:37
Matching host key in /Users/user/.ssh/known_hosts:38
Are you sure you want to continue connecting (yes/no)?

How can I suppress the warning when the hostname differs from the IP address for that hostname, but retain the ability to check host keys are the same for each hostname? (each OS has a unique hostname)

Adam M-W

Posted 2012-06-17T14:53:07.550

Reputation: 483

Answers

19

Put CheckHostIP no in your ~/.ssh/config file. Example configuration file:

Host foo-win.local foo-win
  Hostname foo-win.local
  CheckHostIP no

Host foo-lin.local foo-lin
  Hostname foo-lin.local
  CheckHostIP no

From ssh_config(5):

CheckHostIP

If this flag is set to "yes", ssh(1) will additionally check the host IP address in the known_hosts file. This allows ssh to detect if a host key changed due to DNS spoofing. If the option is set to "no", the check will not be executed. The default is "yes".

PleaseStand

Posted 2012-06-17T14:53:07.550

Reputation: 4 051

Worked great, straight away. Thanks for the clear, quick and concise answer. – Adam M-W – 2012-06-17T16:16:38.937
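Added example (not part of the original question or answer): a Python sketch that approximates the hostname-versus-IP comparison which CheckHostIP performs, run over a constructed known_hosts sample for the dual-boot case, including an entry stored in the hashed `|1|salt|hash` form. The host names and IP address are the ones used on this page; the key blobs and the salt are constructed placeholders, and only exact host patterns are handled (no wildcards or negation).

```python
import base64, hashlib, hmac

def hash_host(name, salt):
    """Format a name the way HashKnownHosts stores it: |1|b64(salt)|b64(HMAC-SHA1)."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def pattern_matches(pattern, name):
    """True if one entry of a known_hosts host field names `name` (plain or hashed)."""
    if pattern.startswith("|1|"):
        parts = pattern.split("|")
        if len(parts) != 4:
            return False                      # malformed hashed entry
        salt, digest = base64.b64decode(parts[2]), base64.b64decode(parts[3])
        expected = hmac.new(salt, name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, digest)
    return pattern == name                    # exact match only (assumption)

def keys_for(known_hosts_text, name):
    """Return {key_type: set of key blobs} for every line that names `name`."""
    found = {}
    for line in known_hosts_text.splitlines():
        fields = line.split()
        # Skip blanks, comments and @cert-authority / @revoked marker lines.
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        hosts, key_type, blob = fields[:3]
        if any(pattern_matches(p, name) for p in hosts.split(",")):
            found.setdefault(key_type, set()).add(blob)
    return found

def host_ip_conflicts(known_hosts_text, hostname, ip):
    """Key types recorded for both hostname and IP that have no key in common."""
    by_host, by_ip = keys_for(known_hosts_text, hostname), keys_for(known_hosts_text, ip)
    return sorted(t for t in by_host.keys() & by_ip.keys() if not by_host[t] & by_ip[t])

# Constructed sample: the shared DHCP address was last recorded while Linux was booted.
SAMPLE = "\n".join([
    hash_host("192.168.1.172", b"constructed-salt-001") + " ssh-rsa KEYBLOB-LINUX",
    "foo-lin.local ssh-rsa KEYBLOB-LINUX",
    "foo-win.local,foo-win ssh-rsa KEYBLOB-WINDOWS",
])

if __name__ == "__main__":
    for host in ("foo-lin.local", "foo-win.local"):
        print(host, host_ip_conflicts(SAMPLE, host, "192.168.1.172"))
```

The per-hostname entries are what ssh still verifies with `CheckHostIP no`; only the comparison against the entry for the shared address is skipped.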