Disabling host key checking on LAN

Bostjan Skufca bostjan at a2o.si
Mon Aug 31 23:02:21 AEST 2015


On 30 August 2015 at 18:53, Nico Kadel-Garcia <nkadel at gmail.com> wrote:
>
> On Sun, Aug 30, 2015 at 6:57 AM, Bostjan Skufca <bostjan at a2o.si> wrote:
> > those were my thoughts, exactly, except that I was thinking about using "dig
> > +short HOST | ..." which has the cleanest output of all.
>
> It can get a bit confusing with
> round-robin DNS, which can give multiple responses.


Care to illustrate your use case?

I am having difficulties imagining it:
1. If you are managing a particular host, you connect to its IP directly
(possibly via a DNS entry).
2. If that DNS entry represents a service that has a load-balanced IP
list, you should not be connecting to an arbitrary host in that list, but
use the dedicated IP of a particular server in that list, or am I missing
something here?

Additional point:
If your environment gets complicated enough, it probably justifies
usage of the ProxyCommand directive with reference to a dedicated
script/program that does the necessary plumbing (technical and
policy-wise) to set up your connection.

b.
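
The ProxyCommand approach discussed in this message, as an added example that is not part of the original post or of OpenSSH: a helper that resolves the host with `dig +short` and refuses to connect when round-robin DNS returns more than one address. The script path, the `--connect` flag, the function names and the `*.lan.example` pattern are assumptions, and `nc` is assumed to be installed.

```shell
#!/bin/sh
# Added example: ProxyCommand helper that rejects ambiguous DNS answers.
# Hypothetical ~/.ssh/config entry (script path is an assumption):
#   Host *.lan.example
#       ProxyCommand /usr/local/bin/ssh-single-addr --connect %h %p

# Read `dig +short` output on stdin and print the address only when
# exactly one distinct IPv4 address was returned. CNAME lines (which
# end in ".") are skipped because they are not dotted quads.
# Returns 1 when no address was found, 2 when several were (round-robin).
single_address() {
    addrs=$(grep -E '^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$' | sort -u)
    [ -n "$addrs" ] || return 1
    count=$(printf '%s\n' "$addrs" | wc -l | tr -d ' ')
    [ "$count" -eq 1 ] || return 2
    printf '%s\n' "$addrs"
}

# Resolve the host, enforce the single-address policy, then hand the
# TCP stream to ssh through nc's stdin/stdout.
connect() {
    host=$1
    port=$2
    addr=$(dig +short A "$host" | single_address) || {
        echo "refusing $host: expected exactly one A record" >&2
        return 1
    }
    exec nc "$addr" "$port"
}

# Only open a connection when invoked the way the ssh_config line does.
if [ "${1:-}" = "--connect" ]; then
    connect "$2" "$3"
fi
```
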


More information about the openssh-unix-dev mailing list