[RndTbl] ssh host checking

[Trevor Cordes]

What security will I lose by using ssh with:
-o StrictHostKeyChecking=no -o CheckHostIP=no
?

I have a script that connects automatically to dozens of linux boxen (that 
I control) on the internet using dsa/rsa keys.  Many of these are on MTS 
DSL and so change their IP's frequently (often many times a week).  They 
all have dynamic dns setup so I can always access them via a DNS domain 
name (rather than IP).

If I use the ssh defaults of StrictHostKeyChecking=ask and 
CheckHostIP=yes, it mostly works as expected, but sometimes my script will 
hang with ssh waiting for tty input with the usual:

The authenticity of host 'foo.com (141.162.215.81)' can't be established.
Are you sure you want to continue connecting (yes/no)?

I don't mind this for new boxes where I haven't confirmed the fingerprint 
yet, but for existing boxes where the IP has changed, it sometimes gives 
me grief.  I can't recall all the particular instances, but the one that 
just hit me was one of my MTS boxes cycled onto an IP that was previously 
used by a different box!  Seems rather unlikely, but with DSL hanging up 
all the time, it's bound to happen.  I see no way around this occurrence 
except to use the above -o options to disable all checks.

So what attacks am I really opening myseful up to with those settings?  Is 
the worst case that a MitM captures my commands?  Or is the worst case 
that they gain my password/key and access to the remote system?

What else?

It sure would be nice if I could, on my local box, install a key or 
something from each of the remote boxen and say that I never care about 
what IP it has at the moment, just check the key and be happy & secure.

For all scenarios assume local + remote boxes have not been compromised.

Thanks!