How to edit known_hosts when several hosts share the same IP and DNS name?

The most straightforward solution here is just to use the same host keys for Linux and OS X. That is, pick one set of /etc/ssh/ssh_host_*_key* files and copy them over to the other OS. Then the same host key will be presented to an SSH client regardless of which OS you've booted into, and the SSH client will be none the wiser.


As @Izzy suggested in a comment above, ssh tells you the offending line, and by removing that line (saving it elsewhere), accepting the new key, and then copying the removed line back, you wind up with two keys for the same host, and ssh will accept either.

(You can also use ssh-keygen -H -F <hostname> to find lines in your known_hosts file that match that hostname. Running this after copying the removed line back should list two entries.)

If anyone knows how to get PuTTY to do the same thing, I'd be very interested to hear about it.
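The following added example, which is not part of the original answers, reproduces in Python the lookup that ssh-keygen -F performs over a known_hosts file, including hashed entries, so you can confirm that two keys are stored for one host. The host names and key blobs are constructed, and only exact host names are matched (no wildcard or negated patterns).

```python
import base64
import hashlib
import hmac

def host_matches(host_field, host):
    """True if a known_hosts host field (plain list or hashed) names host."""
    if host_field.startswith("|1|"):
        # Hashed entry: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=hostname))
        _, _, salt_b64, mac_b64 = host_field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), host.encode(), hashlib.sha1)
        return hmac.compare_digest(mac.digest(), base64.b64decode(mac_b64))
    return host in host_field.split(",")

def fingerprint(key_b64):
    """SHA256 fingerprint in the form ssh prints: unpadded base64 of the digest."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def find_entries(text, host):
    """Return (line_no, key_type, fingerprint) for every entry naming host."""
    found = []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        # Skip blanks, comments and @cert-authority / @revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        if host_matches(fields[0], host):
            found.append((line_no, fields[1], fingerprint(fields[2])))
    return found

def _blob(tag):
    # Constructed stand-in for a real public key blob.
    return base64.b64encode(tag).decode()

def _hashed(host, salt=b"constructed-salt-20b"):
    # Builds a hashed host field the way ssh-keygen -H would, with a fixed salt.
    mac = hmac.new(salt, host.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

# Constructed sample: one dual-boot machine with a different host key per OS.
SAMPLE = "\n".join([
    "# constructed known_hosts sample",
    "dualboot.example.com,192.0.2.10 ssh-ed25519 " + _blob(b"linux-key"),
    "other.example.com ssh-ed25519 " + _blob(b"unrelated-key"),
    _hashed("dualboot.example.com") + " ssh-ed25519 " + _blob(b"osx-key"),
])

if __name__ == "__main__":
    for entry in find_entries(SAMPLE, "dualboot.example.com"):
        print(entry)
```

Two results with different fingerprints for the same name and key type mean ssh will accept either key, so compare each fingerprint against the value shown on the machine's own console before keeping both.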


I found this that may help you with what you want to achieve.

Source: https://stackoverflow.com/questions/733753/how-to-handle-ssh-host-key-verification-with-2-different-hosts-on-the-same-but

Create a config file in your .ssh directory as follows:

Host server1
  Hostname x1.example.com
  HostKeyAlias server1
  CheckHostIP no
  Port 22001
  User karl

Host server2
  Hostname x2.example.com
  HostKeyAlias server2
  CheckHostIP no
  Port 22002
  User karl

Explanation Below (from man ssh_config)

CheckHostIP

If this flag is set to "yes", ssh(1) will additionally check the host IP address in the known_hosts file. This allows ssh to detect if a host key changed due to DNS spoofing. If the option is set to "no", the check will not be executed. The default is "yes".

HostKeyAlias

Specifies an alias that should be used instead of the real host name when looking up or saving the host key in the host key database files. This option is useful for tunneling SSH connections or for multiple servers running on a single host.

The Username and Port lines avoid you having to give those options on the command line, too, so you can just use:

% ssh server1
% ssh server2

The easiest way to solve your issue is to give each host its own distinct IP address. With 253 addresses available in your (private) net and IPv4, that should be no big deal. Give them fixed IPs (as a DHCP server would identify the machine based on the network card's MAC address, and both would get the same address). I do not see any other solution if you want to keep the security measures (which I wouldn't drop for that little "comfort", either).