Different HostKeys for different hostnames or IPs in the same sshd?..

Coy Hile coy.hile at coyhile.com
Wed Sep 21 10:54:21 EST 2011


On Tue, Sep 20, 2011 at 8:12 PM, Mikhail T. <mi+thun at aldan.algebra.com> wrote:

> So, we want to use an "umbrella" DNS name "service.example.net" to control
> the destination. Under normal circumstances, it is a CNAME for the
> "service-primary.example.net", but in case of a disaster, it will be changed
> to "service-dr.example.net".
>
> How do we configure things so that the users and the automated scripts
> aren't "freaked-out" by the key of "service.example.net" suddenly changing,
> when the DNS is changed? Other than both machines using the same  hostkey,
> of course...

In the cases where I've had a handful of boxes behind a single DNS RR,
I took the poor man's way out and ensured that all six boxes in that
farm had the same hostkeys via an administrative process.

--
Coy


More information about the openssh-unix-dev mailing list