Darren Tucker
2023-Aug-18 05:39 UTC
Host key verification (known_hosts) with ProxyJump/ProxyCommand
On Fri, 18 Aug 2023 at 15:25, Stuart Longland VK4MSL <me at vk4msl.com> wrote: [...]> The crux of this is that we cannot assume the local IPv4 address is > unique, since it's not (and in many cases, not even static).If the IP address is not significant, you can tell ssh to not record them ("CheckHostIP no"). [...]> Host mytarget > Hostname 172.16.1.2 > ProxyJump user2 at bastion2I think you just need "HostKeyAlias mytarget" here. -- Darren Tucker (dtucker at dtucker.net) GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Stuart Longland VK4MSL
2023-Aug-18 07:17 UTC
Host key verification (known_hosts) with ProxyJump/ProxyCommand
On 18/8/23 15:39, Darren Tucker wrote:>> Host mytarget >> Hostname 172.16.1.2 >> ProxyJump user2 at bastion2 > I think you just need "HostKeyAlias mytarget" here.Ahh, in my scanning through the `ssh_config` manpage, I missed this, and change logs seem to indicate this feature has been around since at least 2017, so should not cause compatibility issues with the other users. No problems, I just tried it out, and already, things are a _lot_ more sane. I'll give it a try more long-term and see how it fares. -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere.
Possibly Parallel Threads
- Host key verification (known_hosts) with ProxyJump/ProxyCommand
- Host key verification (known_hosts) with ProxyJump/ProxyCommand
- Host key verification (known_hosts) with ProxyJump/ProxyCommand
- Host key verification (known_hosts) with ProxyJump/ProxyCommand
- Host key verification (known_hosts) with ProxyJump/ProxyCommand