ssh to host with frequently changing ip

In my previous post here I shared how to start an EC2 server and then set DNS for it. So the DNS record for the server changes every time you perform a stop and start on the it.

This brings up an interesting problem. Every time I try to ssh into this server, I get prompted about the authenticity of the host as shown below

$ ssh [email protected] 
The authenticity of host ' (' can't be established. 
ECDSA key fingerprint is SHA256:wgu7/xxxxxxxxxxxxxxxxxxxxxxxxxxx. 
Are you sure you want to continue connecting (yes/no)? 

After answering ‘yes’ to the above you will see an entry in your ~/.ssh/known_hosts file, ecdsa-sha2-nistp256 AAAAE2...........GlzvCys=

and this goes on and on every time you connect to the server after doing a stop and start with new DNS entry.

You can avoid adding new entries to the known_hosts file by specifying

ssh -o 'CheckHostIP=no' [email protected] 

In fact, if you delete the known host entry and try the above, the new entry  will be of the format ecdsa-sha2-nistp256 AAAAE2...........GlzvCys= 

with no ip listed after the server name.

To make login even easier you can login using an alias for your server.

Define the server alias in your ~/.ssh/config file as shown

Host s1   
  CheckHostIP no   
  User user 

Now you can login just by entering the server alias

ssh s1 

Further reading

Leave a Reply