On Sat, Apr 7, 2012 at 1:52 AM, Joel Maslak <[email protected]> wrote:
> On Apr 6, 2012, at 8:19 PM, Nico Kadel-Garcia <[email protected]> wrote: > > > Stable IP address assignments are important for any SSH or SSL based > access. OpenSSH, in particular, doesn't have useful behavior if the IP > addresses swap and you have old public host keys stored locally. > > > SSL doesn't care about IP, only DNS name. SSH is a different beast > entirely (and does care about IP, which means some things are uglier than > they should be). > SSL does, indeed care. Session ID's are tied to IP addresses, for example, and especially for self-signed certificates that have never been signed by a "trusted authority", you have to re-accept them when they are served from another IP address. SSH is just nastier about it: the same IP address is *not* supposed ot have multiple SSH host keys. > DHCP is not incompatable with stable IP assignments. I always used static > mappings in my DHCP servers (you need at least two, for redundancy) to make > sure hosts (which use DHCP) had fixed IPs. It really makes things easier > to automate. Amen. I find it much, much more stable than relying on the dynamic DNS of AD or recent versions of Samba.
