ssh and dhcp interactions? - SSH


  1. ssh and dhcp interactions?

    I'm wondering if I'll have ssh complaining about hostkeys if
    I boot up servers with IP addresses assigned from a pool
    by DHCP?

    The reason I wonder is that examination of a typical ~/.ssh/known_hosts
    file shows each line has a name and an IP addr.

    If the IP addr is different the next time I talk to the machine
    with that name is it gonna complain? Or want me to add a new
    known_hosts entry with the new name,ip pair? Or complain that
    some other machine had that IP the last time it recorded an entry?

    I'm just trying to figure out how much trouble getting away from
    static IPs might get me into before I find myself sinking in the
    swamp :-).

    Thanks for any info you can provide.

  2. Re: ssh and dhcp interactions?

    On Mon, 11 Feb 2008 17:30:31 -0600 Tom Horsley wrote:

    | I'm wondering if I'll have ssh complaining about hostkeys if
    | I boot up servers with IP addresses assigned from a pool
    | by DHCP?
    |
    | The reason I wonder is that examination of a typical ~/.ssh/known_hosts
    | file shows each line has a name and an IP addr.
    |
    | If the IP addr is different the next time I talk to the machine
    | with that name is it gonna complain? Or want me to add a new
    | known_hosts entry with the new name,ip pair? Or complain that
    | some other machine had that IP the last time it recorded an entry?

    SSH has to take into consideration that a hostname can have multiple IP
    addresses and can change them, either dynamically in DNS, or simply due
    to re-assignment, which is what DHCP is doing. If you refer to the host
    by IP address, you will obviously have to change what you refer to. And
    that will create a new entry in known_hosts if you have not connected
    there before. If you refer to the hostname, the IP lookup has to match,
    such as by dynamic DNS. In any case, it appears that recent SSH versions
    will record both IP and hostname on a known_hosts record. Before it was
    just one or the other (or record 2 records). I'm going to guess that it
    can now deal with the fact that a given hostname might actually refer to
    more than 1 physical host, and record the distinction by IP address. But
    that could be wrong; it is just a guess. If that guess is right, the only
    case you will have a problem with is if you have 2 different machines by
    the same name, and connect to one of them by one IP, and later on connect
    to the other by the SAME IP the first one once had. I would get around
    this by causing all the machines with the same name to have the same
    host key (by generating it on one and copying that to the others).


    | I'm just trying to figure out how much trouble getting away from
    | static IPs might get me into before I find myself sinking in the
    | swamp :-).

    How will you be making reference to those servers to connect to them?
    By hostname? By IP address?

    --
    |---------------------------------------/----------------------------------|
    | Phil Howard KA9WGN (ka9wgn.ham.org) / Do not send to the address below |
    | first name lower case at ipal.net / spamtrap-2008-02-11-2005@ipal.net |
    |------------------------------------/-------------------------------------|

  3. Re: ssh and dhcp interactions?

    On Tue, 12 Feb 2008 02:12:49 +0000, phil-news-nospam wrote:

    > How will you be making reference to those servers to connect to them? By
    > hostname? By IP address?


    Definitely by name, with dynamic IP, it would be more trouble
    than it was worth to find out the IP in order to use it.

    (Of course, that also probably means I'll need to run a DNS server
    that gets updated by dhcp, but there are web pages out there
    on setting that up which I merely have to plow through for
    several days :-).

  4. Re: ssh and dhcp interactions?

    >>>>> "TH" == Tom Horsley writes:

    TH> I'm wondering if I'll have ssh complaining about hostkeys if I
    TH> boot up servers with IP addresses assigned from a pool by DHCP?

    TH> The reason I wonder is that examination of a typical
    TH> ~/.ssh/known_hosts file shows each line has a name and an IP addr.

    TH> If the IP addr is different the next time I talk to the machine
    TH> with that name is it gonna complain? Or want me to add a new
    TH> known_hosts entry with the new name,ip pair? Or complain that some
    TH> other machine had that IP the last time it recorded an entry?

    TH> I'm just trying to figure out how much trouble getting away from
    TH> static IPs might get me into before I find myself sinking in the
    TH> swamp :-).

    TH> Thanks for any info you can provide.

    Set "CheckHostIP no" in ~/.ssh/config to have SSH ignore the server's IP
    address during server authentication.

    --
    Richard Silverman
    res@qoxp.net
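
The three outcomes asked about in the first post, modelled as an added example (not code from any poster in this thread, and not OpenSSH's own implementation). It assumes plain, unhashed known_hosts entries; the host names, addresses and key strings are constructed placeholders, and `parse_known_hosts` and `check` are hypothetical helper names.

```python
# Constructed known_hosts content; the key blobs are placeholders, not real keys.
KNOWN_HOSTS = """\
web1.example.com,192.0.2.10 ssh-rsa AAAAKEY-WEB1
db1.example.com,192.0.2.11 ssh-rsa AAAAKEY-DB1
"""

def parse_known_hosts(text):
    """Map each plain host name or IP to the (keytype, key) pairs recorded for it."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|1|")):
            continue  # comments, markers and hashed entries are out of scope here
        names, keytype, key = fields[:3]
        for name in names.split(","):
            table.setdefault(name, set()).add((keytype, key))
    return table

def check(table, hostname, ip, keytype, key, check_host_ip=True):
    """Return (name_status, ip_status): 'ok', 'new', 'changed' or 'skipped'."""
    def status(label):
        recorded = {k for t, k in table.get(label, ()) if t == keytype}
        if not recorded:
            return "new"          # nothing recorded under this name or address
        return "ok" if key in recorded else "changed"
    name_status = status(hostname)
    # With CheckHostIP off, the address is never looked up in known_hosts.
    ip_status = status(ip) if check_host_ip else "skipped"
    return name_status, ip_status

def scenarios():
    """web1 presents the same host key each time; only its DHCP lease differs."""
    t = parse_known_hosts(KNOWN_HOSTS)
    web1 = ("web1.example.com", "ssh-rsa", "AAAAKEY-WEB1")
    def run(ip, **kw):
        return check(t, web1[0], ip, web1[1], web1[2], **kw)
    return {
        "same lease": run("192.0.2.10"),            # nothing to report
        "fresh lease": run("192.0.2.50"),           # address gets recorded as new
        "lease once held by db1": run("192.0.2.11"),  # key for IP differs: warning
        "CheckHostIP no": run("192.0.2.11", check_host_ip=False),
    }

if __name__ == "__main__":
    for label, result in scenarios().items():
        print(f"{label:24} name={result[0]:8} ip={result[1]}")
```

Only the "lease once held by db1" case produces a host key warning, and it disappears once the IP check is turned off. OpenSSH 8.5 and later ship with CheckHostIP disabled by default.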

