From wikieduonline
Jump to navigation Jump to search
If this flag is set to yes, ssh(1) will additionally check the host IP address in the known_hosts file. This allows ssh to detect if a host key changed due to DNS spoofing. 
If the option is set to no, the check will not be executed. The default is yes until OpenSSH 8.5 (2021)

ssh 8.5 disable CheckHostIP by default.

Related options[edit]

See also[edit]