SSH Host key verification issues using VIP

We have 2 production servers on a VIP, only one is in use at a time, for example:

myservice.mycompany.uk normally points to server1, in the event that server1 fails it is changes to point at server2.

There are some other servers which need to send files to myservice.mycompany.uk via SFTP and it should be totally transparent to them if we failover to server2.

The problem is that while the keys are installed on both server1 and server2, the other servers will have host key verification issues, because the host key of server2 is different to the host key of server1. This causes a security error (since strict checking is on), and a line must be removed from known_hosts to make it work.

Our IT guy has suggested that we can create 2 entries in known_hosts, one with the key for server1 and one with server2, both with the host myservice.mycompany.uk.

Is that likely to work? How can this be done with putty/psftp on windows? Since the host key is stored in the registry and duplicate names are not allowed. Is there a better way, can we for example, force the servers to have the same host key?


To make it easier for the clients, I would just use the same host key on both machines. Just copy one of the keys (the one of the server currently in use) to the second machine. They keys are in /etc/ssh/ssh_host_*.

Another option is to deactivate host key checking on clients. This can be done by tuning their ssh_config to use:

Host myservice.mycompany.uk
    StrictHostKeyChecking