Permanently added hostkeys (due to IP address pool), without confirmation

Damien Miller djm at mindrot.org
Sat Oct 10 09:00:21 AEDT 2015


On Fri, 9 Oct 2015, Steffen Nurpmeso wrote:

> Hello,
> 
> maybe someone could please help and shed some light on a problem
> that I don't understand, and that even in multiple ways.
> The problem occurred three or four times over the past months
> (maybe half a year?) and manifests as
> 
>   ++ Pushing to "gitlab" (at least "master" differs)!
>   Warning: Permanently added the RSA host key for IP address '104.46.105.89' to the list of known hosts.
> 
> I get no confirmation prompt, which I normally do?!
> Of course I do have a configuration file with an
> 
>   UserKnownHostsFile        ~/arena/data/ssh/known_hosts
> 
> entry, and that already has a
> 
>   gitlab.com,54.93.71.23  DATA
> 
> line for months.  I do have a "Host" entry for "*gitlab.org" (with
> explicit IdentityFile).  The entry in known_hosts that I (hope to
> have confirmed correctly back then) is not identical with the
> other two entries, but which are, except for the addresses
> 
>   --- k.1 2015-10-09 18:09:10.511793883 +0200
>   +++ k.2 2015-10-09 18:09:26.508373888 +0200
>   @@ -1,2 +1,2 @@
>   -52.21.36.51
>   +104.46.105.89
>    ssh-rsa ...

You have CheckHostIP enabled (it is on by default) and some DNS server
or hosts file is returning 104.46.105.89 for that hostname. When ssh
connects to 104.46.105.89, it is offering the same key as you have
already learned for 52.21.36.51, so it is automatically added to
known_hosts.

See ssh_config's entry on CheckHostIP for a few more details.

-d
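
Added example (not part of the original message and not OpenSSH code): a Python script that parses a known_hosts file and reports address-only entries stored under one identical key, the pattern CheckHostIP leaves behind when a hostname resolves into an address pool. The sample file and its key blobs are constructed placeholders; hashed entries are only counted, since they cannot be matched by name.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in known_hosts format; key blobs are placeholders, not real keys.
SAMPLE = """\
# constructed sample
gitlab.com,54.93.71.23 ssh-rsa AAAAKEY1
52.21.36.51 ssh-rsa AAAAKEY2
104.46.105.89 ssh-rsa AAAAKEY2
|1|c2FsdA==|aGFzaA== ssh-rsa AAAAKEY2
@revoked old.example.org ssh-rsa AAAAKEY3
"""

def is_ip(name):
    """True for a bare address or the [address]:port form."""
    if name.startswith("["):
        name = name[1:].split("]", 1)[0]
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def parse_known_hosts(text):
    """Yield (names, keytype, blob) for each ordinary host key line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):  # @cert-authority / @revoked lines are skipped
            continue
        yield fields[0].split(","), fields[1], fields[2]

def addresses_sharing_key(text):
    """Return ({(keytype, blob): [addresses]}, hashed_count) for keys seen under 2+ addresses."""
    by_key = defaultdict(set)
    hashed = 0
    for names, keytype, blob in parse_known_hosts(text):
        for name in names:
            if name.startswith("|1|"):  # HashKnownHosts entry, name not recoverable
                hashed += 1
            elif is_ip(name):
                by_key[(keytype, blob)].add(name)
    shared = {k: sorted(v) for k, v in by_key.items() if len(v) > 1}
    return shared, hashed

if __name__ == "__main__":
    shared, hashed = addresses_sharing_key(SAMPLE)
    for (keytype, blob), addrs in shared.items():
        print(f"{keytype} {blob[:12]}... stored for: {', '.join(addrs)}")
    print(f"{hashed} hashed entries not inspected")
```

To check a real file, pass its contents to addresses_sharing_key() in place of SAMPLE.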


More information about the openssh-unix-dev mailing list