Human readable .ssh/known_hosts?

Damien Miller djm at mindrot.org
Wed Sep 30 12:56:13 AEST 2020


On Tue, 29 Sep 2020, Nico Kadel-Garcia wrote:

> As I understand this option, it does not help at all with the nearly
> inevitable re-use of the same IP address for a different host with a
> different hostkey in, for example, a modest DHCP based environment.
> Such environments are common both in smaller, private networks and in
> large public networks, and it's perhaps startlingly common in cloud
> environments: it's one of the reasons I'm so willing to disable
> $HOME/.ssh/known_hosts.

Again, you should read the documentation for CheckHostIP. Turning it off
makes known_hosts solely bind to hostnames and, as long as you use names
to refer to hosts, avoids any problems caused by IP address reuse.
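
An added example (not part of the original message and not OpenSSH code): the Python below scans known_hosts text for entries keyed by an IP literal, which are the entries CheckHostIP consults in addition to the name, and reports addresses recorded with more than one key of the same type, as happens after address reuse. The sample file content, its placeholder keys and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample known_hosts content; the keys are placeholders, not real keys.
SAMPLE = """\
# comment line
web1.example.com,192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER1
192.0.2.10 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER2
[db1.example.com]:2222,[192.0.2.20]:2222 ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER3
|1|c2FsdA==|aGFzaA== ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER4
@cert-authority *.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDER5
"""

def host_part(pattern):
    """Strip the [host]:port wrapper used for non-default ports."""
    if pattern.startswith("[") and "]:" in pattern:
        return pattern[1:pattern.index("]:")]
    return pattern

def is_ip(text):
    """True if text is an IPv4 or IPv6 literal (wildcard patterns are not)."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def classify(known_hosts_text):
    """Return (ip_bound, conflicts, hashed) for the given known_hosts text."""
    ip_keys = {}   # (ip pattern, key type) -> set of keys seen for it
    ip_bound = []  # (line number, pattern) for every IP-keyed host field
    hashed = []    # line numbers of hashed entries, which cannot be classified
    for lineno, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):      # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:
            continue
        hosts, keytype, key = fields[:3]
        if hosts.startswith("|1|"):
            hashed.append(lineno)
            continue
        for pattern in hosts.split(","):
            if is_ip(host_part(pattern)):
                ip_bound.append((lineno, pattern))
                ip_keys.setdefault((pattern, keytype), set()).add(key)
    conflicts = sorted({p for (p, _), keys in ip_keys.items() if len(keys) > 1})
    return ip_bound, conflicts, hashed
```

Entries reported as IP-bound can be removed with `ssh-keygen -R <address>` once hosts are referred to by name only.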

