
Multiple entries for cluster in hashed known_hosts


Theo Markettos

Oct 29, 2009, 5:47:04 PM
I'm using OpenSSH to login to a cluster, where I'm allocated a node by the
DNS. Each node has a different host key, so logging into 'cluster.domain'
rather than 'cluster17.domain' often gives me a 'Man in the middle' host key
warning (as it should).

There's some syntax in the .ssh/known_hosts file to indicate that a machine
may be known by more than one name, and provide a realname-real IP mapping:

cluster17.domain,cluster.domain,10.0.0.17,10.0.0.18 ssh-rsa AAA....xyz
cluster18.domain,cluster.domain,10.0.0.17,10.0.0.18 ssh-rsa AAA....abc

But I'm using OpenSSH 4, which has hashed domains. So the normal entries
look like:

|1|Dde5g6...=|adh3c5d...= ssh-rsa AAA...

How do I represent the cluster syntax in this form? Let's assume I can use
-oStrictHostKeyChecking=no to get the keys into the file in the first place
(my clusters aren't too big, so I can just run a few SSH commands until I
happen to capture the keys for all of them).

Thanks
Theo

Dag-Erling Smørgrav

Oct 29, 2009, 6:49:34 PM
Theo Markettos <theom...@chiark.greenend.org.uk> writes:
> How do I represent the cluster syntax in this form? Let's assume I can use
> -oStrictHostKeyChecking=no to get the keys into the file in the first place

add -oHashKnownHosts=no and Bob's your uncle.

DES
--
Dag-Erling Smørgrav - d...@des.no

Theo Markettos

Oct 31, 2009, 1:21:33 PM
Dag-Erling Smørgrav <d...@des.no> wrote:
> Theo Markettos <theom...@chiark.greenend.org.uk> writes:
> > How do I represent the cluster syntax in this form? Let's assume I can
> > use -oStrictHostKeyChecking=no to get the keys into the file in the
> > first place
>
> add -oHashKnownHosts=no and Bob's your uncle.

Right, but known_hosts hashing is there for a reason (to prevent follow-on
attacks once a machine and keys are compromised). Is there a way to do this
without losing hashing?

Theo
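As an added illustration (not part of the thread) of the `|1|salt|hash` format from the first post and of what it means for the multi-name cluster lines: each hashed token is HMAC-SHA1 keyed with a 20-byte random salt over one host-name string, so a plain line that lists several names becomes one hashed line per name, each repeating the same key, and a lookup has to test every line. The key strings and the fixed salt below are constructed for the example; plain-token matching is simplified (no wildcards, negations or `[host]:port` forms).

```python
import base64
import hashlib
import hmac
import os

# A hashed known_hosts line (HashKnownHosts=yes) looks like
#   |1|<base64 salt>|<base64 HMAC-SHA1(key=salt, msg=hostname)> <keytype> <key>
# "1" is the hash format version; the salt is 20 random bytes.

def hash_hostname(hostname, salt):
    """Build the '|1|salt|hash' token for exactly one host name."""
    digest = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(digest).decode())

def hash_entry(names, keytype, key, salt=None):
    """Turn one plain entry that lists several names/IPs into hashed lines.
    The hash covers a single name string, so a plain line with N names
    becomes N hashed lines that all repeat the same key. A fixed salt is
    only for reproducible tests; OpenSSH draws a fresh one per line."""
    return ["%s %s %s" % (hash_hostname(n, salt or os.urandom(20)), keytype, key)
            for n in names]

def token_matches(token, hostname):
    """True if a '|1|...' token is the hash of hostname, else False."""
    parts = token.split("|")
    if len(parts) != 4 or parts[1] != "1":
        return False
    salt, want = base64.b64decode(parts[2]), base64.b64decode(parts[3])
    got = hmac.new(salt, hostname.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)

def keys_for_host(lines, hostname):
    """Collect every (keytype, key) recorded for hostname, scanning both
    hashed tokens and plain comma-separated name lists. Several lines may
    record different keys for the same name (the cluster case); the client
    accepts the server if any recorded key matches, so return all of them."""
    found = []
    for line in lines:
        fields = line.split()
        if len(fields) < 3 or line.startswith("#"):
            continue
        token, keytype, key = fields[:3]
        names = [token] if token.startswith("|") else token.split(",")
        if any(token_matches(n, hostname) if n.startswith("|") else n == hostname
               for n in names):
            found.append((keytype, key))
    return found
```

Note that a hashed file leaks nothing about which names share a key except by repetition of the key blob itself, which is visible in plain text either way.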
