Re: Permanently added hostkeys (due to IP address pool), without confirmation

On Fri, 9 Oct 2015, Steffen Nurpmeso wrote:

> Hello,
> 
> maybe someone could please help and shed some light on a problem
> that i don't understand, and that even in multiple ways.
> The problem occurred three or four times over the past months
> (maybe half a year?) and manifests as
> 
>   ++ Pushing to "gitlab" (at least "master" differs)!
>   Warning: Permanently added the RSA host key for IP address '104.46.105.89' to the list of known hosts.
> 
> I get no confirmation prompt, which i normally do?!
> Of course i do have a configuration file with an
> 
>   UserKnownHostsFile        ~/arena/data/ssh/known_hosts
> 
> entry, and that already has a
> 
>   gitlab.com,54.93.71.23  DATA
> 
> line for months.  I do have a "Host" entry for "*gitlab.org" (with
> explicit IdentityFile).  The entry in known_hosts that i (hope to
> have confirmed correctly back then) is not identical with the
> other two entries, but which are, except for the addresses
> 
>   --- k.1 2015-10-09 18:09:10.511793883 +0200
>   +++ k.2 2015-10-09 18:09:26.508373888 +0200
>   @@ -1,2 +1,2 @@
>   -52.21.36.51
>   +104.46.105.89
>    ssh-rsa ...

You have CheckHostIP enabled (it is on by default) and some DNS server
or hosts file is returning 104.46.105.89 for that hostname. When ssh
connects to 104.46.105.89, it is offering the same key as you have
already learned for 52.21.36.51, so it is automatically added to
known_hosts.

See ssh_config's entry on CheckHostIP for a few more details.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
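
The behaviour described in the reply can be checked against a known_hosts file. The following is an added example, not part of the original message or of OpenSSH: it lists every address-only entry together with the named hosts that hold the same key, which is the pattern CheckHostIP produces. The sample file and its key blobs are constructed placeholders, and hashed entries are skipped because their names cannot be read back.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in known_hosts format; key blobs are placeholders, not real keys.
SAMPLE = """\
gitlab.com,54.93.71.23 ssh-rsa AAAAKEY1
52.21.36.51 ssh-rsa AAAAKEY1
104.46.105.89 ssh-rsa AAAAKEY1
198.51.100.7 ssh-rsa AAAAKEY2
|1|c2FsdA==|aGFzaA== ssh-rsa AAAAKEY3
"""

def is_ip(name):
    """True if a host pattern is a literal IP address, including the [addr]:port form."""
    if name.startswith("["):
        name = name[1:].split("]", 1)[0]
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def audit(text):
    """Map each address-only entry to the hostnames recorded with the same key."""
    names_by_key = defaultdict(set)   # (keytype, blob) -> hostnames seen with that key
    ip_only = []                      # (address, key) for lines that list only addresses
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#@":
            continue                  # comments and @cert-authority/@revoked lines
        if len(fields) < 3 or fields[0].startswith("|1|"):
            continue                  # malformed or hashed: cannot be classified
        hosts, key = fields[0].split(","), (fields[1], fields[2])
        named = [h for h in hosts if not is_ip(h)]
        names_by_key[key].update(named)
        if not named:
            ip_only.extend((h, key) for h in hosts)
    return {ip: sorted(names_by_key[key]) for ip, key in ip_only}

if __name__ == "__main__":
    for ip, names in audit(SAMPLE).items():
        print(ip, "shares its key with", names or "no named host (review this entry)")
```

An address whose key matches a named host is consistent with the automatic addition explained above; an address whose key matches no named host was not learned that way and deserves a closer look.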


