https://community.hpe.com/t5/operating-system-hp-ux/ssh-question/m-p/3790611#M740973 Hi Sally,<BR /><BR />It would all depend on how the known_hosts &amp; authorized_keys files are populated.<BR />IF they *only* uses hostnames AND the systems will retain the *same* hostnames AND DNS is changed accordingly then you should be OK.<BR />I generally don't recommend using IPs in those files for exactly this reason.<BR /><BR />HTH,<BR />Jeff Thu, 18 May 2006 10:21:47 GMT Jeff Schussele 2006-05-18T10:21:47Z https://community.hpe.com/t5/operating-system-hp-ux/ssh-question/m-p/3790610#M740972 Hi,<BR /><BR />We have some password-less ssh/scp setup between certain accounts on some of our servers for evening batch runs, etc. We are moving our servers to a new datacenter and the IP addresses are changing. Would this affect the already setup password-less ssh/scp scripts? Someone mentioned that it is all IP based..... Thu, 18 May 2006 10:13:56 GMT https://community.hpe.com/t5/operating-system-hp-ux/ssh-question/m-p/3790610#M740972 Coolmar 2006-05-18T10:13:56Z https://community.hpe.com/t5/operating-system-hp-ux/ssh-question/m-p/3790611#M740973 Hi Sally,<BR /><BR />It would all depend on how the known_hosts &amp; authorized_keys files are populated.<BR />IF they *only* uses hostnames AND the systems will retain the *same* hostnames AND DNS is changed accordingly then you should be OK.<BR />I generally don't recommend using IPs in those files for exactly this reason.<BR /><BR />HTH,<BR />Jeff Thu, 18 May 2006 10:21:47 GMT https://community.hpe.com/t5/operating-system-hp-ux/ssh-question/m-p/3790611#M740973 Jeff Schussele 2006-05-18T10:21:47Z https://community.hpe.com/t5/operating-system-hp-ux/ssh-question/m-p/3790612#M740974 I would assume that the host key entries<BR />in the known_hosts files of your IP changed boxes won't match anymore.<BR />Thus ssh will most likely ask for confirmation of this change on first login.<BR />This is to fend off man in the middle or IP spoofing attacks.<BR />On the other hand the RSA keys haven't changed,<BR />and I would assume they should be still valid. Thu, 18 May 2006 10:22:40 GMT https://community.hpe.com/t5/operating-system-hp-ux/ssh-question/m-p/3790612#M740974 Ralph Grothe 2006-05-18T10:22:40Z https://community.hpe.com/t5/operating-system-hp-ux/ssh-question/m-p/3790613#M740975 Hey;<BR /><BR />The short answer is "it depends on how you're using ssh"...<BR /><BR />1. If you're using ssh with public key authentication to do this, (the right way), then you'll have an issue the first time you try to connect. The reason is that the remote system's host key is stored in the ~/.ssh/known_hosts file usually in both hostname and IP address format. <BR /><BR />You could, in theory, update that file and replace the old IP address with the new one to circumvent this issue. <BR /><BR />Another possibility would be to generate the system wide ssh_known_hosts with the host keys as appropriate - that way the users will never be asked. <BR /><BR />2. #1 assuming that you're physically moving your systems. If you're only moving your application, then the host keys will change and you'll go through the connection confirmation conversation the first time you try to connect.<BR /><BR />3. There's ways of setting up "rlogin" style access via ssh. This is the wrong way to use ssh. If you're doing that, then you will more than likely have an issue the first time you connect. I'm not all that familiar with this style of usage though. <BR /><BR />HTH;<BR /><BR />Doug O'Leary Thu, 18 May 2006 13:38:21 GMT https://community.hpe.com/t5/operating-system-hp-ux/ssh-question/m-p/3790613#M740975 Doug O'Leary 2006-05-18T13:38:21Z