As far as I can gather from readin sshd(8) and the source code (get_hostfile_hostname_ipaddr in upstream's openssh-6.1p1), at most two key lookups are performed:
(a) [Only for protocol version 1] One for the ip address of the remote host, with put_host_port(ntop, port) (b) One for the hostname. (1) If it is an HostKeyAlias, just look for the hostname, (2) else for put_host_port(hostname, port). In the bugzilla entry #910 [1], I found that a fallback option (look for hostname only, if (b.2) fails) was discussed, but if I understand it correctly, this never was included. I also mailed the OpenSSH mailing list to confirm that my analysis is correct [2]. [1] https://bugzilla.mindrot.org/show_bug.cgi?id=910 [2] http://marc.info/?l=openssh-unix-dev&m=135221834426513&w=2 -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org