Known hosts and dynamic IP addresses

Darren Tucker dtucker at zip.com.au
Mon Jul 7 07:36:47 EST 2003


Hadmut Danisch wrote:
> On Sun, Jul 06, 2003 at 08:38:54PM +0200, Thomas Binder wrote:
> > CheckHostIP no
>
> I urgently need to have the check performed, just with
> the dns name.

That's what "CheckHostIP no" does.  What happened when you tried it?

$ man ssh_config
[snip]
 CheckHostIP
      If this flag is set to ``yes'', ssh  will  additionally
      check  the  host  IP  address  in the known_hosts file.
      This allows ssh to detect if a host key changed due  to
      DNS  spoofing.   If  the  option  is set to ``no'', the
      check will not be executed.  The default is ``yes''.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.




More information about the openssh-unix-dev mailing list