On 2024-10-17 19:26, Nico Kadel-Garcia wrote:
> > Thank you! Increasing the verbosity revealed a known_hosts entry linked
> > to serverA's IP address (I had forgotten that I had connected to it by
> > IP address at some point). Deleting this entry solved the problem; the
> > new host key was stored in known_hosts when I connected to serverA
> > again.
> >
> > - Jan
>
> And... *THIS* is why so many people disable known_hosts entirely. The
> chance of an IP address being reused for a distinct hostname is pretty
> high in a DHCP environment without reservations, coupled with dynamic
> DNS. It's also very common when servers get rebuilt from images and
> fresh hostkeys generated automatically on the same hardware, even with
> the same IP address. The popular solution is to simply disable
> known_hosts in your ~/.ssh/config as needed:
>
> # Disable known_hosts to avoid IP re-use conflicts
> Host *
>     UserKnownHostsFile /dev/null
>     StrictHostKeyChecking no
>     LogLevel ERROR

Thanks for the hint. How would I verify a server's identity without
known_hosts / StrictHostKeyChecking?

- Jan
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
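
The stale entry described in the quoted message (an old host key still stored under serverA's IP address) can be located with a scan like the following. This is an added example, not code from the thread or from OpenSSH; the hostnames, the address 192.0.2.10, the key strings and the helper names are constructed for illustration, and wildcard patterns and `@` marker lines are not handled.

```python
import base64
import hashlib
import hmac

def hash_host(name, salt):
    """Build a hashed host field as HashKnownHosts writes it."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def entry_matches(hosts_field, name):
    """True if one known_hosts host field covers `name` (plain or hashed)."""
    if hosts_field.startswith("|1|"):
        # Hashed form: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=name))
        _, _, salt_b64, mac_b64 = hosts_field.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return name in hosts_field.split(",")

def stale_entries(known_hosts_text, names, offered_type, offered_key):
    """Return (line_no, name) for entries that cover one of `names` with the
    same key type but a different key than the server offers now."""
    hits = []
    for line_no, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 3 or line.startswith(("#", "@")):
            continue  # blank line, comment, or @cert-authority/@revoked marker
        hosts, key_type, key = fields[:3]
        for name in names:
            if entry_matches(hosts, name) and key_type == offered_type and key != offered_key:
                hits.append((line_no, name))
    return hits

# Constructed placeholder key strings, not real host keys.
OLD = "AAAAC3NzaC1lZDI1NTE5AAAAIOLDoldOLDoldOLD"
NEW = "AAAAC3NzaC1lZDI1NTE5AAAAINEWnewNEWnewNEW"
# Constructed sample file: the name already has the new key, the IP does not.
SAMPLE = "\n".join([
    "# constructed sample known_hosts",
    "serverA.example ssh-ed25519 " + NEW,
    hash_host("192.0.2.10", b"constructed-salt-20b") + " ssh-ed25519 " + OLD,
    "serverB.example,192.0.2.20 ssh-ed25519 " + OLD,
])

def demo():
    # Check every name the server is reached by: hostname and IP address.
    return stale_entries(SAMPLE, ["serverA.example", "192.0.2.10"], "ssh-ed25519", NEW)

if __name__ == "__main__":
    print(demo())
```

OpenSSH's own `ssh-keygen -F <name>` performs this lookup against the real file, and `ssh-keygen -R <name>` removes the matching entries.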