hello, we want to install ssh on multiple servers. these have a common user filesystem, and are (seemingly) "transparent" to the users, except the actual machines name, which is different. the question is, what are the "pro's and con's" in using the same host-key pair on all those machines. the "pro" same-key fraction says, it would be easier for the user to read and compare only one key (resp. fingerprint), and on paper-handouts will much less space be needed for this key/fingerprint, so we could print all different-purpose-keys on one page. additionally, disk-images have sometimes to be done from one machine to the other, and then there would not be any problem with the ssh-installation, etc. the only argument i currently have on the "contra" side is: it may be contrary to the user's understanding, when i tell him about security, and that checking of keys/fingerprints may be a good idea, and when he does check the fingerprint, he then will find we are treating all machines as equal by using the same key-pair. but technically-practically, i cannot find a convincing argument. as far as we have tested, ssh is working with a same-key-configuration. (just for completeness, but i don't think it's needed here: we use ssh V2.3.0 with 1.2.30 on AIX 4.2.1 with AFS) am i right? could you add something? should we use one-for-all? thanks in advance Joachim
