How to edit known_hosts when several hosts share the same IP and DNS name

Tags: openssh, ssh

I regularly ssh into a computer which is a dual-boot OS X / Linux computer. The two OS instances do not share the same host key, so they can be seen as two hosts sharing the same IP and DNS. Let's say the IP is 192.168.0.9, and the names are hostname and hostname.domainname.

As far as I understood, the solution to be able to connect to the two hosts is to add them both to the ~/.ssh/known_hosts file. However, it is easier said than done, because the file is hashed, and has probably several entries per host (192.168.0.9, hostname, hostname.domainname). As a consequence, I have the following warning:

Warning: the ECDSA host key for 'hostname' differs from the key for the IP address '192.168.0.9'

Is there an easy way to edit the known_hosts file, while keeping the hashes? For example, how can I find the lines corresponding to a given hostname? How can I generate the hashes for some known hosts?

The ideal solution would allow me to connect seamlessly to this computer with ssh, no matter whether I call it 192.168.0.9, hostname or hostname.domainname, nor if it uses its Linux hostkey or its OSX hostkey. However, I still want to receive a warning if there is a real man-in-the-middle attack, i.e. if another key than these two is used.

Best Answer

The most straightforward solution here is just to use the same host keys for Linux and OS X. That is, pick one set of /etc/ssh/ssh_host_*_key* files and copy them over to the other OS. Then the same host key will be presented to an SSH client regardless of which OS you've booted into, and the SSH client will be none the wiser.
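For the question's other route (keeping two host keys and editing the hashed file), the sketch below is an added example, not code from the question or the answer. It locates the hashed lines for a given name and writes new hashed lines for a second key, using the OpenSSH hashed-host format |1|base64(salt)|base64(HMAC-SHA1(salt, name)); the function names and the key blobs are constructed for illustration.

```python
import base64, hashlib, hmac, os

def hash_host(name, salt=None):
    """Return an OpenSSH hashed-host field: |1|b64(salt)|b64(HMAC-SHA1(salt, name))."""
    salt = salt or os.urandom(20)
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

def field_matches(field, name):
    """True if the first known_hosts field (hashed or plain) names this host."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        want = hmac.new(salt, name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(want, base64.b64decode(mac_b64))
    return name in field.split(",")          # plain entries: comma-separated names

def find_entries(text, names):
    """Return (line_number, matched_name, key_type) for each line naming any of `names`."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if parts[0].startswith("@"):         # @cert-authority / @revoked marker
            parts = parts[1:]
        if len(parts) < 3:
            continue
        for n in names:
            if field_matches(parts[0], n):
                hits.append((no, n, parts[1]))
    return hits

def add_key(text, names, key_type, key_b64):
    """Append one hashed line per name so the second host key is also trusted."""
    new = ["%s %s %s" % (hash_host(n), key_type, key_b64) for n in names]
    return text.rstrip("\n") + "\n" + "\n".join(new) + "\n"

# Names from the question; key blobs are constructed placeholders, not real keys.
NAMES = ["192.168.0.9", "hostname", "hostname.domainname"]
LINUX_KEY, OSX_KEY = "AAAAconstructedLinuxKey=", "AAAAconstructedOsxKey="
SAMPLE = add_key("# constructed known_hosts\n", NAMES, "ecdsa-sha2-nistp256", LINUX_KEY)

if __name__ == "__main__":
    both = add_key(SAMPLE, NAMES, "ecdsa-sha2-nistp256", OSX_KEY)
    for hit in find_entries(both, NAMES):
        print(hit)
```

OpenSSH accepts several lines with different keys for the same name, so a key that matches neither line still triggers the changed-host-key warning. The same lookup is available from the command line as ssh-keygen -F hostname.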