SSH to 1 server from 2 different servers which have same hostname [closed]

ssh

There is 2 servers for production and DR. Both servers are RHEL 7 and same spec.

Both have same host name and different IP address. We need to connect to same outside servers over SSH without password.

When we tried to connect from DR server, it showed warning with message as below.

Permission denied (publickey,gssapi-keyex,gssapi-with-mic,keyboard-interactive).
fromserver:user1$ ssh  user2@dest-server
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
The ECDSA host key for dest-server has changed,
and the key for the corresponding IP address 10.126.**.**
is unchanged. This could either mean that
DNS SPOOFING is happening or the IP address for the host
and its host key have changed at the same time.
Offending key for IP in /home/user1/.ssh/known_hosts:111
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ECDSA key sent by the remote host is
SHA256:***********************************************.
Please contact your system administrator.
Add correct host key in in /home/user1/.ssh/known_hosts to get rid of this message.
Offending ED25519 key in in /home/user1/.ssh/known_hosts:111
Password authentication is disabled to avoid man-in-the-middle attacks.
Keyboard-interactive authentication is disabled to avoid man-in-the-middle attacks.
*********************************************************************

My question is how I can avoid this message and enable ssh login without password. Is it possible avoid this message?


Have different host names in DNS for administrative functions including ssh. Making up my own example, thingprod1.example.net and thingprod2.example.net, with thingprod.example.net as a service address pointing the active side. Sysadmins use the host name, user applications use the service address.

ssh's DNS spoofing and host key change warnings are security features to detect interception of ssh traffic. They rely on the host key remaining the same for a name and IP.

Related

Trying to resurrect 10 year old software - can't activate Windows Server 2008 R2 and problems with Activate by Phone
What is a projective ideal?
Prove that the only prime triple is 3, 5, 7 [duplicate]
Constructive proof of a problem from the book Analysis by Terence Tao [duplicate]
Expected number of steps to transform a permutation to the identity
How to compose two functions?
Simplify $\sum_{i=0}^n (i+1)\binom ni$
Showing that two maps of the sphere are homotopic if their values are never antipodal
Reducibility of $x^3+nx+1$ over $ \Bbb Z$
Solution of a differentiation in integral form
How to prove $4(n!)>2^{n+2}$ for $ n\geq 4$ with induction [duplicate]
A union of two subspaces not equal to the vector space. [duplicate]