SSH UserKnownHostsFile

Ahhh, how awesome is it that you can set the UserKnownHostsFile option to /dev/null for specific hosts in your ~/.ssh/config file? Fabulous!

Every so often, we have to migrate application resources from one node in our cluster to another, or migrate services from one cluster to an entirely different cluster. As a result, the CNAMEs we use to reach those resources end up pointing at different hosts, each with its own host key. This causes ssh to burp when trying to connect:

The RSA host key for xxxxxx has changed,
and the key for the corresponding IP address aaa.bbb.ccc.ddd
is unknown. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.

Yes, yes, I know we moved the services around, now stop being paranoid and connect me already! I used to either wipe out the known_hosts file or delete the offending line from it. Now, for hosts that match a specific pattern, I can just configure the ssh client not to track those hostnames at all:

Host xxxx
  UserKnownHostsFile /dev/null
  StrictHostKeyChecking no
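One caveat before copying that block: with UserKnownHostsFile pointed at /dev/null and StrictHostKeyChecking off, ssh keeps no record of any key for the matching hosts and never reports a mismatch, so the "DNS SPOOFING" case the warning talks about becomes undetectable for every host under that pattern. The fragment below is an added example, not from the original post, showing a narrower setting that still auto-accepts keys for hosts seen for the first time but refuses to connect if a recorded key changes. The host pattern and the known_hosts path are assumptions; substitute your own.

```sshconfig
# Added example, not part of the original post.
# Pattern and file path are assumed; adjust to your own naming.

# The post's setting: nothing is recorded and nothing is ever reported,
# so ssh accepts whatever key the far end presents for these hosts.
#Host *.lab.example.com
#    UserKnownHostsFile /dev/null
#    StrictHostKeyChecking no

# Narrower alternative: keep a separate known_hosts file for the CNAMEs
# that move around, so stale entries can be cleared without touching the
# main file. accept-new (OpenSSH 7.6 and later) adds keys for hosts not
# seen before without prompting, but still refuses to connect when a
# previously recorded key changes.
Host *.lab.example.com
    UserKnownHostsFile ~/.ssh/known_hosts.lab
    StrictHostKeyChecking accept-new
    # The warning quoted above also complains about the key for the IP
    # address. With the IP-keyed lookup disabled, only the hostname entry
    # is consulted, so a CNAME that moves to a new address does not by
    # itself trigger the mismatch.
    CheckHostIP no
```

After a planned migration, drop just the stale entry with `ssh-keygen -R app.lab.example.com -f ~/.ssh/known_hosts.lab` (this also handles hashed entries, which a hand edit of the file easily misses); the next connection then records the new key under accept-new, while an unexpected key change on a host you did not migrate still stops the connection.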

That should save me 13 seconds every few days 🙂
