On 28 August 2015 at 15:10, Nico Kadel-Garcia <nkadel@xxxxxxxxx> wrote:
>
> In environments where critical server hostnames and IP addresses are
> not tied to consistent SSH keys, I'm afraid there is little choice but
> to discard the use of known_hosts.
>

Shouldn't in such complex environments configuration management
pre-generate known_hosts from collected facts from hosts?

I know it is a hassle, but having a fuse that ensures that you are
indeed connecting to what you think you are connecting to is something
worth having, or not?

b.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
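
One way configuration management could pre-generate known_hosts from collected host facts, as the reply above suggests. This is an added example, not part of the original message: the fact layout (`fqdn`, `aliases`, `ips`, `keys`), the function names and the sample hosts are assumptions, and the key blobs are constructed placeholders.

```python
import base64, hashlib, hmac, os, struct

def blob_type(b64):
    """Return the key type embedded in an SSH public key blob."""
    raw = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n].decode("ascii")

def hash_host(name, salt=None):
    """HashKnownHosts form: |1|b64(salt)|b64(HMAC-SHA1(key=salt, msg=name))."""
    salt = salt or os.urandom(20)
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def render_known_hosts(facts, hashed=False):
    """Build known_hosts lines; refuse facts that are corrupt or contradictory."""
    seen, lines = {}, []
    for host in sorted(facts, key=lambda h: h["fqdn"]):
        names = [host["fqdn"], *host.get("aliases", []), *host.get("ips", [])]
        for ktype, b64 in sorted(host["keys"].items()):
            if blob_type(b64) != ktype:
                raise ValueError(f"{host['fqdn']}: blob is not a {ktype} key")
            for name in names:
                # One name mapping to two different keys of the same type means
                # the inventory is inconsistent; fail rather than pick one.
                if seen.setdefault((name, ktype), b64) != b64:
                    raise ValueError(f"{name}: conflicting {ktype} keys in facts")
            if hashed:  # hashed entries carry exactly one name per line
                lines += [f"{hash_host(n)} {ktype} {b64}" for n in names]
            else:
                lines.append(f"{','.join(names)} {ktype} {b64}")
    return lines

def sample_key(ktype, fill):
    """Constructed placeholder blob with ed25519 layout (not a real host key)."""
    t = ktype.encode()
    raw = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes([fill]) * 32
    return base64.b64encode(raw).decode()

# Constructed inventory facts; names and addresses are documentation values.
FACTS = [
    {"fqdn": "web1.example.org", "aliases": ["web1"], "ips": ["192.0.2.10"],
     "keys": {"ssh-ed25519": sample_key("ssh-ed25519", 1)}},
    {"fqdn": "db1.example.org", "ips": ["192.0.2.20"],
     "keys": {"ssh-ed25519": sample_key("ssh-ed25519", 2)}},
]

if __name__ == "__main__":
    print("\n".join(render_known_hosts(FACTS)))
```

Failing on a conflicting name or address, rather than silently choosing one key, keeps the generated file useful as the check the reply describes.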