Permanently added hostkeys (due to IP address pool), without confirmation

Damien Miller djm at
Sat Oct 10 09:00:21 AEDT 2015

On Fri, 9 Oct 2015, Steffen Nurpmeso wrote:

> Hello,
> maybe someone could please help and shed some light on a problem
> that i don't understand, and that even in multiple ways.
> The problem occurred three or four times over the past months
> (maybe half a year?) and manifests as
>   ++ Pushing to "gitlab" (at least "master" differs)!
>   Warning: Permanently added the RSA host key for IP address '' to the list of known hosts.
> I get no confirmation prompt, which i normally do?!
> Of course i do have a configuration file with an
>   UserKnownHostsFile        ~/arena/data/ssh/known_hosts
> entry, and that already has a
>,  DATA
> line for months.  I do have a "Host" entry for "*" (with
> explicit IdentityFile).  The entry in known_hosts that i (hope to
> have confirmed correctly back then) is not identical with the
> other two entries, but which are, except for the addresses
>   --- k.1 2015-10-09 18:09:10.511793883 +0200
>   +++ k.2 2015-10-09 18:09:26.508373888 +0200
>   @@ -1,2 +1,2 @@
>   -
>   +
>    ssh-rsa ...

You have CheckHostIP enabled (it is on by default) and some DNS server
or hosts file is returning for that hostname. When ssh
connects to, it is offering the same key as you have
already learned for, so it is automatically added to

See ssh_config's entry on CheckHostIP for a few more details.


More information about the openssh-unix-dev mailing list