Gentoo Forums
SSH: known_hosts problem w new IP address is assigned by DHCP
andy64
Tux's lil' helper


Joined: 27 Jul 2002
Posts: 78
Location: Munich, Germany

Posted: Tue Jun 22, 2004 9:06 pm    Post subject: SSH: known_hosts problem w new IP address is assigned by DHCP

I have a question for the SSH experts:

I'm trying to set up SSH between two of my PCs. I was successful in configuring everything so that it seems to work. But after a while I found the following problem:

Both PCs are connected via a switch/router to the Internet (DSL access). After some time (usually more than a day), the DHCP server (?) inside the switch assigns different IP addresses to the PCs (192.168.1.10x).

When I then connect via SSH to the other machine, I get a warning that possibly the host SSH key has changed or that there is a man-in-the-middle attack.

When I check the file known_hosts, I see that it has the following format:

192.168.1.103 ssh-rsa AAAj8d74g487gd87gd8...[...]...hjgjzz=

whereas the id_dsa.pub has the following format:
ssh-dss gd9gdgh9d8dgh...[...]... zutM= name@localnet.net

The first file ("known_hosts") is generated automatically if I say the new connection should be used (after the warning message).

In the first file the IP address is stored, while in the second the symbolic name is stored.

Isn't this a conceptual flaw? Instead of the IP of the host (which always can change), a name would be much better, e.g. serverx@localnet.net


How do I handle this case with changing IP addresses? Please don't recommend configuring the router to not change the IP address. I don't have access to the router and I think the DHCP is allowed to change the IP address.
think4urs11
Bodhisattva


Joined: 25 Jun 2003
Posts: 6659
Location: above the cloud

Posted: Tue Jun 22, 2004 9:47 pm

Hi!

You will have to use the option CheckHostIP in ssh_config.
Set it to NO in order to disable it.
The intention behind this option is to prevent DNS spoofing.

HTH
T.
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself
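
An added example, not part of the original posts: a small Python checker that reads known_hosts text and tells apart the situation described in this thread (an address now held by a machine whose key is already stored under another address) from a key that is new for that address. The sample entries and key strings are constructed placeholders, and the function names are hypothetical.

```python
import base64, hashlib, hmac

# Constructed sample: two LAN hosts stored by IP address, placeholder key strings.
SAMPLE = """\
192.168.1.103 ssh-rsa AAAAKEYA
192.168.1.104 ssh-rsa AAAAKEYB
"""

def host_matches(pattern, host):
    """True if one entry of a known_hosts host field names `host`."""
    if pattern.startswith("|1|"):  # hashed entry: |1|salt|HMAC-SHA1(salt, host)
        _, _, salt, digest = pattern.split("|")
        mac = hmac.new(base64.b64decode(salt), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(digest))
    return pattern == host  # wildcard and negated patterns are not handled

def parse_known_hosts(text):
    """Yield (host_patterns, keytype, key_b64) for each ordinary key line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue  # skip comments and @cert-authority / @revoked lines
        fields = line.split()
        if len(fields) >= 3:
            yield fields[0].split(","), fields[1], fields[2]

def classify(text, host, keytype, key_b64):
    """Relate the key offered by `host` to what known_hosts already holds."""
    other_key_for_host = False
    key_seen_under = []  # readable names that already carry this exact key
    for patterns, ktype, key in parse_known_hosts(text):
        named = any(host_matches(p, host) for p in patterns)
        if ktype == keytype and key == key_b64:
            if named:
                return "match", []
            key_seen_under += [p for p in patterns if not p.startswith("|1|")]
        elif named and ktype == keytype:
            other_key_for_host = True
    if other_key_for_host and key_seen_under:
        return "address-reassigned", key_seen_under
    if other_key_for_host:
        return "key-changed", []
    if key_seen_under:
        return "known-key-new-address", key_seen_under
    return "unknown", []

if __name__ == "__main__":
    # The host now answering on .103 presents the key stored for .104.
    print(classify(SAMPLE, "192.168.1.103", "ssh-rsa", "AAAAKEYB"))
```

A "key-changed" result is the case where the offered key matches nothing on file, so the fingerprint should be confirmed on the server itself before the entry is replaced.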
All times are GMT