mDNS lookups and SSH host key fun
Sunday, 27 June 2010
I recently moved to a new apartment, and through a combination of not being assed setting up a proper DNS/DHCP/firewall box and not having a huge need for it, the network here is a fairly bog standard “home networking” type setup, running off the router supplied by my ISP. There’s no local DNS server, just a forwarder – trying to look up my desktop’s hostname will return the IP of a “helpful” search result page provided by the ISP.
I decided to finally look into the mDNS (multicast DNS) thing – I know my laptop (running OS X) has it set up out of the box because Apple’s file sharing uses it. I think they call it Rendezvous. Linux supports it through the Avahi daemon and libnss-mdns, which I know is enabled on my desktop (I set up netatalk advertised via Avahi a while ago on it). After a few minutes of googling, I figured it out – just need to append “.local” to a hostname to do a lookup using mDNS instead of DNS.
[andrew@Strongbad ~]$ ssh xenu.local
The authenticity of host 'xenu.local (fe80::250:8dff:fe95:4ae7%en1)' can't be established.
RSA key fingerprint is dc:bc:96:3e:77:e0:51:b9:74:37:3b:4b:06:f4:a5:17.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xenu.local,fe80::250:8dff:fe95:4ae7%en1' (RSA) to the list of known hosts.
Password:
Whahey, it worked \o/ Interestingly, it uses the IPv6 automagical link local address, not the v4 addresses on the network. There’s a slight problem with this though. The IP address was used in the host key line that was added to known_hosts. If the IP (or in this case, the interface I’m connected via) changes it’ll splurt out an error, and I’m planning to set up dirvish over SSH (want to back my laptop up to my desktop), so this will need to work in an automated sort of way. To get around this, I can make SSH ignore the IP address when checking host keys by adding the following to ~/.ssh/config:
CheckHostIP no
This would be a problem if anything I used relied on IP addresses as a security measure, but they don’t. Host keys associated with host names are all that matter. I remove the line that was added to known_hosts last time, and try connecting again using the mDNS name:
[andrew@Strongbad ~]$ ssh xenu.local
The authenticity of host 'xenu.local (fe80::250:8dff:fe95:4ae7%en1)' can't be established.
RSA key fingerprint is dc:bc:96:3e:77:e0:51:b9:74:37:3b:4b:06:f4:a5:17.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xenu.local' (RSA) to the list of known hosts.
It worked. Now to get dirvish to work. This lack of backups is making me extremely nervous (Time Machine failed me miserably last time I needed it).
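An alternative to deleting the known_hosts line by hand, as an added example that is not from the original post: this sh/awk function drops address literals from entries that name a .local host, so the already-accepted key stays pinned to the mDNS name only. The function names, the key blobs and the second host are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).

# Constructed sample known_hosts content; key blobs are placeholders.
sample_known_hosts() {
    cat <<'EOF'
# constructed sample
xenu.local,fe80::250:8dff:fe95:4ae7%en1 ssh-rsa AAAA_CONSTRUCTED_KEY_1
fileserver.example.org,192.0.2.10 ssh-rsa AAAA_CONSTRUCTED_KEY_2
EOF
}

# strip_local_addrs FILE (hypothetical helper): print FILE with IP literals
# removed from the host field of every entry that names a .local host.
strip_local_addrs() {
    awk '
    /^[ \t]*(#|$)/ { print; next }   # comments and blank lines pass through
    $1 ~ /^[@|]/   { print; next }   # @markers and hashed (|1|...) entries: untouched
    {
        n = split($1, names, ",")
        has_local = 0
        for (i = 1; i <= n; i++)
            if (names[i] ~ /\.local$/) has_local = 1
        if (!has_local) { print; next }   # ordinary DNS hosts keep their IP pin
        keep = ""
        for (i = 1; i <= n; i++) {
            name = names[i]
            # IPv6 literal (contains ":", optional %zone) or dotted-quad IPv4;
            # bracketed [host]:port names are kept as they are.
            if (name !~ /^\[/ && name ~ /:/) continue
            if (name ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) continue
            keep = keep (keep == "" ? "" : ",") name
        }
        $1 = keep
        print
    }' "$1"
}

# Demo: run on the sample; on a real file, write to a copy and diff it first.
tmp=$(mktemp)
sample_known_hosts > "$tmp"
strip_local_addrs "$tmp"
rm -f "$tmp"
```

Hashed entries (HashKnownHosts) cannot be inspected this way and are passed through unchanged.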
No. 1 — June 28th, 2010 at 8:04 pm
<,< I love how I find out your plans for our networking by reading your blog :p