Displaying 3 results from an estimated 3 matches for "expecthostkey".

2023 Aug 18
1
Host key verification (known_hosts) with ProxyJump/ProxyCommand
...ou might have in known_hosts 172.16.1.2{ProxyJump user@10.20.30.40,user2@192.168.123.45} <algo> <key> 172.16.1.3{ProxyCommand user@10.20.30.40:nc 192.168.234.56 22} <algo> <key> the {} part encodes the path by which you reach the host. Alternative might be an "ExpectHostKey" option that can be put in ~/.ssh/config or specified with "-o ExpectHostKey=?" that tells the SSH client "ignore your known_hosts file, the host *will* be using this key". So if you know the public key (e.g. you did a `ssh_keyscan`), you can either: put in .ssh/confi...
2023 Aug 18
1
Host key verification (known_hosts) with ProxyJump/ProxyCommand
...s at the time of its call, or would it figure out that these files are relative to /home/me/workplace/ops/eng-ssh/bigcust-config? If the latter, I could then store that in the git repository (as a *signed* git commit, so it can be authenticated later) which would offer similar benefits to the `ExpectHostKey` I made earlier. -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere.
2023 Aug 18
2
Host key verification (known_hosts) with ProxyJump/ProxyCommand
On 18.08.23 07:39, Darren Tucker wrote: > On Fri, 18 Aug 2023 at 15:25, Stuart Longland VK4MSL <me at vk4msl.com> wrote: > [...] >> The crux of this is that we cannot assume the local IPv4 address is >> unique, since it's not (and in many cases, not even static). > > If the IP address is not significant, you can tell ssh to not record > them ("CheckHostIP