Ignore known-hosts security in SSH for some addresses

ssh

I have a router with a lot of computers on it. It has DHCP, so they are assigned IP addresses by the time they log in.

Because their IPs are shuffled every day, I get a lot of

WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

messages from SSH.

Is there any way to tell ssh to ignore the man-in-the-middle security on all addresses in the 192.168.2.* range but keep the security for everything else?

Best Answer

The best way to solve the problem would be to use names instead of addresses – a hostname always stays the same when the address changes. Some routers have DNS support built in (you could hook dhcpd into bind9 for DNS). Using Avahi for *.local names is also easy.

If you don't want that, you can tell SSH to never store the keys:

Host 192.168.2.*
    UserKnownHostsFile /dev/null
    StrictHostKeyChecking no

But IMHO that's just lazy. :)