On Tue, 29 Sep 2020, Nico Kadel-Garcia wrote: > As I understand this option, it does not help at all with the nearly > inevitable re-use of the same IP address for a different host with a > different hostkey in, for example, a modest DHCP based environment. > Such environments are common both in smaller, private networks and in > large public networks, and it's perhaps startlingly common in cloud > environments: it's one of the reasons I'm so willing to disable > $HOME/.ssh/known_hosts. Again, you should read the documentation for CheckHostIP. Turing it off makes known_hosts solely bind to hostnames and, as long as you use names to refer to hosts, avoids any problems caused by IP address reuse. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
