blog

Sometimes it's neccessary to ssh to an IP which may have multiple servers behind it, for example when two systems are sharing an IP using keepavlied. Per spec it's perfectly valid to have the public fingerprints of multiple servers stored in .ssh/known_hosts. Luckily, there's also a tool named ssh-keyscan which will provide the public SSH host keys from remote hosts.

Alltogether, this makes creating the required entries in .ssh/known_host quite simple: Assuming the public fingerprints from 192.0.2.20, .21 and .22 should be stored for a shared IP 192.168.2.10, the following loop should suffice:

for IP in 192.0.2.20 192.0.2.21 192.0.2.22
do
  ssh-keyscan ${IP} 2>/dev/null | sed "s/^${IP}/192.0.2.10/"
done