Questions[known-hosts](server)

While trying to clean up my SSH config and key files on my iMac (macOS Monterey 12.1), I tried to SSH using the verbose flag (-v). This generated output including the following lines:

...
debug1: load_hostkeys: fopen /Users/clint/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen /etc/ssh/ssh_known_hosts2: No such file or directory
...

I know that I tried to create a backup of my known_hosts file (and called it "known_hosts2") but I've since deleted it.

Does anyone know how can I find out why SSH still references (and thinks I have) an old file called 'known_hosts2'?

Thanks!

Is there any chance to skip the known_hosts check without clearing known_hosts or disable it in ssh.conf? I neither have access to known_hosts nor ssh.conf yet. Don't find any suitable in man.

I have some cloud boxes that change their IP frequently.

I ssh using the hostname but have to edit the known_hosts file every time the server launches because of this error message:

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is…

Aside from any security risks and such that are associated with what I want to do, is there a way to either ignore this error or overwrite the known_hosts file automatically such that I don't always have to edit it myself?

I have two machines behind a firewall, with the ssh ports forwarded to 2201 and 2202.

When I

ssh host -p 2201  

it asks if I trust the machine, I say yes, it gets added to ~/.ssh/known_hosts

Then I

ssh host -p 2202  

It doesn't let me, because there's already an entry for this IP in ~/.ssh/known_host:1 (the file was empty when I started, so line 1 is the one added by the previous ssh run).

This happens on CentOS 5.4.

On other distros (I've tried Arch), it appears that ssh matches the known_hosts to the ports too, so I can have multiple fingerprints for multiple ports on the same host/ip without any problems.

How can I get this same behavior for CentOS?

I couldn't find anything in man ssh_config (or at least not without disabling fingerprint checking).

I've found a temporary solution. If the known_hosts file has more than one entry for the same IP, it will check all of them before concluding something is wrong. But I'd really hate this to be the solution.

Here's my situation: I'm setting up a test harness that will, from a central client, launch a number of virtual machine instances and then execute commands on them via ssh. The virtual machines will have previously unused hostnames and IP addresses, so they won't be in the ~/.ssh/known_hosts file on the central client.

The problem I'm having is that the first ssh command run against a new virtual instance always comes up with an interactive prompt:

The authenticity of host '[hostname] ([IP address])' can't be established.
RSA key fingerprint is [key fingerprint].
Are you sure you want to continue connecting (yes/no)?

Is there a way that I can bypass this and get the new host to be already known to the client machine, maybe by using a public key that's already baked into the virtual machine image ? I'd really like to avoid having to use Expect or whatever to answer the interactive prompt if I can.