Permanently added hostkeys (due to IP address pool), without confirmation
djm at mindrot.org
Sat Oct 10 09:00:21 AEDT 2015
On Fri, 9 Oct 2015, Steffen Nurpmeso wrote:
> maybe someone could please help and shed some light on a problem
> that i don't understand, and that even in multiple ways.
> The problem occurred three or four times over the past months
> (maybe half a year?) and manifests as
> ++ Pushing to "gitlab" (at least "master" differs)!
> Warning: Permanently added the RSA host key for IP address '220.127.116.11' to the list of known hosts.
> I get no confirmation prompt, which i normally do?!
> Of course i do have a configuration file with an
> UserKnownHostsFile ~/arena/data/ssh/known_hosts
> entry, and that already has a
> gitlab.com,18.104.22.168 DATA
> line for months. I do have a "Host" entry for "*gitlab.org" (with
> explicit IdentityFile). The entry in known_hosts that i (hope to
> have confirmed correctly back then) is not identical with the
> other two entries, but which are, except for the addresses
> --- k.1 2015-10-09 18:09:10.511793883 +0200
> +++ k.2 2015-10-09 18:09:26.508373888 +0200
> @@ -1,2 +1,2 @@
> ssh-rsa ...
You have CheckHostIP enabled (it is on by default) and some DNS server
or hosts file is returning 22.214.171.124 for that hostname. When ssh
connects to 126.96.36.199, it is offering the same key as you have
already learned for 188.8.131.52, so it is automatically added to
See ssh_config's entry on CheckHostIP for a few more details.
More information about the openssh-unix-dev