Good way to handle host key checking on multiple networks?

I have a laptop and multiple networks that I visit. When I'm on network Alpha, I want to ssh 192.168.1.10, which is a webserver. When I'm on network Beta, I want to ssh 192.168.1.10, which is a file-server.

Because I'm visiting two different machines with the same IP, I get the big banner

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @ 
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!

But all that's really happening is that I'm on a different private network, so the context of my ssh command is different.

I know I can do ssh -o StrictHostKeyChecking=no and bypass the check, but is there a way to keep checking (hey I'd like to know if one of the hosts actually changed) but make it network-aware?


Solution 1:

Implement IPv6. Add globally unique addresses to hosts, and to DNS. Which network becomes obvious by /64 subnets.

A big project just for your administrative convenience, maybe. But it may become a bigger problem if an organization ever merges or restructures or uses VPNs, introducing address conflicts.

Solution 2:

Add something like this to /etc/hosts:

192.168.1.10    alpha-webserver    beta-fileserver

Then use ssh user@alpha-webserver or ssh user@beta-fileserver.

The ssh known hosts file uses the name you give as the key, so just use 2 different names instead of 1 IP. Might be useful in other contexts also -- a name is always less error-prone than a number :)
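
An added example (not part of the original answer, and not OpenSSH's own code): a simplified Python model of the known_hosts lookup, showing why one entry per name keeps both hosts verifiable while a single entry for 192.168.1.10 cannot. The key blobs and salt are constructed placeholders; wildcard patterns, [host]:port forms and @ markers are not modelled.

```python
import base64, hashlib, hmac

def hash_host(name, salt):
    """Build a hashed host field: |1|b64(salt)|b64(HMAC-SHA1(salt, name))."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def host_matches(field, name):
    """True if a known_hosts host field covers `name` (plain list or hashed)."""
    if field.startswith("|1|"):
        _, _, salt_b64, mac_b64 = field.split("|")
        salt = base64.b64decode(salt_b64)
        mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return name in field.split(",")

def check(known_hosts, name, keytype, key):
    """Return 'match', 'changed' or 'unknown' for the key offered by `name`."""
    seen = False
    for line in known_hosts.splitlines():
        parts = line.split()
        if len(parts) < 3 or line.startswith(("#", "@")):
            continue  # skip blanks, comments and marker lines
        field, ktype, kdata = parts[:3]
        if ktype == keytype and host_matches(field, name):
            if kdata == key:
                return "match"
            seen = True  # same name and key type, different key
    return "changed" if seen else "unknown"

# Constructed placeholder key blobs, not real host keys.
KEY_WEB, KEY_FILE, KEY_OTHER = "AAAAC3-web", "AAAAC3-file", "AAAAC3-other"

# Keyed by IP: one entry has to serve both networks.
BY_IP = "192.168.1.10 ssh-ed25519 " + KEY_WEB

# Keyed by the /etc/hosts names from Solution 2 (second entry stored hashed).
BY_NAME = "\n".join([
    "alpha-webserver ssh-ed25519 " + KEY_WEB,
    hash_host("beta-fileserver", b"constructed-salt") + " ssh-ed25519 " + KEY_FILE,
])
```

The model leaves out the CheckHostIP option; when that option is enabled, ssh also records and checks the IP address in addition to the name.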