A SSH host resolving to two of more IP address
I have a DNS entry to host name which resolve to two or more IP address. It seems like we are getting MITM warning due to this intentional configuration. What is the way to overcome this. Should we disable StrictHostKeyChecking but that would not be a good idea. I am wondering what is the recommendations.
Are both IP addresses valid? Dose your DNS resolve both? You can ssh to the IP address instead. Either that or create secondary DNS names (aliases) for each IP address.
Simple solution will be to setup an alias for 2x ssh commands, each using a hardcoded IP rather than host -> IP lookup.
If you ssh to IPs, rather than hosts, no requirement for StrictHostKeyChecking juggling.
If you ssh to IPs, rather than hosts, no requirement for StrictHostKeyChecking juggling.
You can setup the systems with the same identifying secret used for the servers as well.
The files are the /etc/ssh/* files. (You may need to verify the config and compare to differences before overwriting).
You will need to do this again if any system gets replaced, or when you want to issue new keys.
(cleaning the directory and restarting the server SHOULD repopulate the /etc/ssh directory with new files generated from new random numbers).
Unless you have a common disk used by all systems for the user's, the ID secrets (public keys, private keys), for users need to be lugged around as well.
Premium Content
You need an Expert Office subscription to comment.Start Free Trial