I regularly ssh into a computer which is a dual-boot OS X / Linux computer. The two OS instances do not share the same host key, so they can be seen as two hosts sharing the same IP and DNS. Let's say the IP is 192.168.0.9, and the names are hostname and hostname.domainname.
As far as I understood, the solution to be able to connect to the two hosts is to add them both to the ~/.ssh/known_hosts file. However, it is easier said than done, because the file is hashed, and has probably several entries per host (192.168.0.9, hostname, hostname.domainname). As a consequence, I have the following warning:
Warning: the ECDSA host key for 'hostname' differs from the key for the IP address '192.168.0.9'
Is there an easy way to edit the known_hosts file, while keeping the hashes? For example, how can I find the lines corresponding to a given hostname? How can I generate the hashes for some known hosts?
The ideal solution would allow me to connect seamlessly to this computer with ssh, no matter whether I call it 192.168.0.9, hostname or hostname.domainname, nor if it uses its Linux host key or its OS X host key. However, I still want to receive a warning if there is a real man-in-the-middle attack, i.e. if another key than these two is used.
There are a few cases when it is reasonable to use one IP address to access multiple entities (each with individual SSH host keys) and still maintain strict control that ONLY those host keys are the ones seen by the SSH client. E.g. some high availability setups where a cluster of units are accessed using one shared IP address but where (for some reason) the SSH host key seen by clients changes depending on which cluster unit it is that currently is active. Another case is when multiple SSH hosts are behind a NATed firewall and accessed from the outside, they all will seem to have the same IP. – IllvilJa – 2015-04-02T14:57:52.117
What is it that you want to do? Edit it for what? – Rhyuk – 2012-07-05T13:56:05.803
@Rhyuk: Edit it to be able to recognize as valid both the OSX and the linux host key for the IP address, the hostname and hostname.domainname. – Frédéric Grosshans – 2012-07-05T14:52:43.253
@Rhyuk: I've edited the question. Is it more clear now? – Frédéric Grosshans – 2012-07-05T15:06:06.873
Have you simply considered making both installations have the same key? – Zoredache – 2012-07-05T16:17:11.007
Yes, but I'd prefer not to. Currently they are even different kinds of key (ssh-rsa and ecdsa-sha2-nistp256)! It probably comes from different default sshd configurations... – Frédéric Grosshans – 2012-07-05T16:44:47.293
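
On the two things the question asks for (finding the lines for a given name in a hashed known_hosts file, and generating the hashes), an added example that is not part of the original thread: OpenSSH writes a hashed host field as `|1|salt|hash`, where the hash is the HMAC-SHA1 of the name keyed with the salt and both parts are base64. The Python below matches and generates such fields; the key blobs and the sample file are constructed placeholders, the function names are hypothetical, and wildcard patterns in plain entries are not handled.

```python
import base64, hashlib, hmac, os

def hash_host(host, salt=None):
    """Build the '|1|salt|hash' host field OpenSSH writes for one name."""
    salt = salt or os.urandom(20)
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def field_matches(field, host):
    """True if a known_hosts host field (hashed or plain) names `host`."""
    if not field.startswith("|1|"):
        return host in field.split(",")      # plain: comma-separated names
    try:
        _, _, salt_b64, mac_b64 = field.split("|")
        salt, want = base64.b64decode(salt_b64), base64.b64decode(mac_b64)
    except ValueError:                        # malformed hashed field
        return False
    got = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)

def find_entries(text, host):
    """Return (line_number, key_type) for each line that applies to `host`."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):         # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) >= 3 and field_matches(fields[0], host):
            hits.append((n, fields[1]))
    return hits

# Constructed sample: every name from the question listed under both host keys,
# one hashed line per (name, key) pair. The key blobs are placeholders.
NAMES = ["192.168.0.9", "hostname", "hostname.domainname"]
KEYS = [("ssh-rsa", "AAAA-CONSTRUCTED-RSA-BLOB"),
        ("ecdsa-sha2-nistp256", "AAAA-CONSTRUCTED-ECDSA-BLOB")]

def build_sample():
    return "\n".join("%s %s %s" % (hash_host(n), t, b)
                     for t, b in KEYS for n in NAMES)

if __name__ == "__main__":
    sample = build_sample()
    for name in NAMES:
        print(name, find_entries(sample, name))
```

On a real file, `ssh-keygen -F hostname` performs the same lookup and `ssh-keygen -H` hashes plain entries in place.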