How to add an ip range to known_hosts?

As noted in other answers, known_hosts does not have support for IP address ranges. It does, however, support wildcards. Of course wildcards aren't quite the same thing, so you need to be really careful about how you use them in IP addresses, but in the particular case of Github this can be done safely.

The situation seems to have gotten simpler since the question was asked. According to Github's official documentation there is only one IP address range in use (at least as far as IPv4 goes). This is the 192.30.252.0/22 range. That makes for 1020 possible IP addresses that conveniently span the entire possible range for the last octet in just four different C blocks.

From man 8 sshd, this is what we have to work with in known_hosts:

Hostnames is a comma-separated list of patterns (* and ? act as wildcards); each pattern in turn is matched against the canonical host name (when authenticating a client) or against the user-supplied name (when authenticating a server). A pattern may also be preceded by ! to indicate negation: if the host name matches a negated pattern, it is not accepted (by that line) even if it matched another pattern on the line. A hostname or address may optionally be enclosed within [ and ] brackets then followed by : and a non-standard port number.

Using this info, we can construct an entry using the * wildcard for the last octet that matches all possible Github endpoints (and ONLY those endpoints) like so:

github.com,192.30.252.*,192.30.253.*,192.30.254.*,192.30.255.* ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ==

If the IP range you needed to construct did not fill a full C block and thus all possible values for an octet, it would be impossible to use wildcards for such an accurate match.


I do not think you can easily add the ranges, but I think (can't test this right now) that the same effect can be achieved by adding the following to .ssh/ssh_config:

Host *.github.com
    HostKeyAlias github-server-pool.github.com

Next, you would add the key to the known_hosts file under the name github-server-pool.github.com.

Assumption: the host github-server-pool.github.com does not exist or is never connected to through SSH.

The idea behind it is that ssh will use the key github-server-pool.github.com as the key to look up the public host key for all hosts of the github.com domain.


There is no support for IP address sets in the known_hosts file. You'll have to have one line per address.

Although the host name part of entries is hashed by default, this is only for privacy so that someone getting hold of your known_hosts wouldn't be able to easily find out which hosts you've been connecting to. (They can still verify guesses.) You can use a plain host name or IP address.

# 192.30.252.0/22 is the four consecutive C blocks 192.30.252.0/24 .. 192.30.255.0/24
# (the original listed 192.30.252.1/24 etc., which would have produced addresses beyond .255).
# Requires a shell with the ** operator (bash, ksh, zsh); the key is elided here.
for net in 207.97.227.224/27 173.203.140.192/27 204.232.175.64/27 72.4.117.96/27 192.30.252.0/24 192.30.253.0/24 192.30.254.0/24 192.30.255.0/24; do
  base=${net%/*}; d=${base##*.}; abc=${base%.*}   # first address, its last octet, and the first three octets
  bits=$((32 - ${net#*/}))                        # number of host bits in the prefix
  e=0
  while [ "$e" -lt $((2 ** bits)) ]; do           # one line per address in the block
    echo "$abc.$((d + e)) ssh-rsa AAAAB3NzaC1yc…" >>~/.ssh/known_hosts
    e=$((e + 1))
  done
done

Note that this may add duplicates.
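The following is an added example, not code from any of the answers above. It implements the sshd(8) hostname-field rules quoted earlier (comma-separated patterns, `*` and `?` wildcards, `!` negation, `[host]:port`), decides whether a CIDR block can be expressed exactly with wildcards (the caveat in the first answer: only prefixes on an octet boundary can), verifies that coverage by matching every address in the block plus the two neighbouring addresses just outside it, and otherwise falls back to one line per address while skipping hosts already listed (the duplicate problem noted in the last answer). It generalizes beyond the 192.30.252.0/22 case to any IPv4 prefix. `fnmatch` is used as a stand-in for OpenSSH's own pattern matcher, and `SAMPLE_KEY` is a constructed placeholder, not GitHub's host key.

```python
import fnmatch
import ipaddress

# Constructed placeholder, not a real host key.
SAMPLE_KEY = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC-placeholder-not-a-real-key"

# IPv4 ranges listed in the answers above (GitHub's /22 plus the older /27 blocks).
RANGES_FROM_ANSWERS = [
    "207.97.227.224/27", "173.203.140.192/27", "204.232.175.64/27",
    "72.4.117.96/27", "192.30.252.0/22",
]


def _split_host_port(pattern):
    """Handle the optional [host]:port form from sshd(8); default port is 22."""
    if pattern.startswith("[") and "]:" in pattern:
        host, port = pattern[1:].rsplit("]:", 1)
        return host, int(port)
    return pattern, 22


def hostname_field_matches(field, host, port=22):
    """Evaluate one known_hosts hostname field against a host name or address.

    Comma-separated patterns, * and ? wildcards, and ! negation: a matching
    negated pattern vetoes the whole line even if another pattern matched.
    fnmatch approximates OpenSSH's matcher (assumption for this example).
    """
    matched = False
    for pattern in field.split(","):
        negate = pattern.startswith("!")
        pat, pat_port = _split_host_port(pattern.lstrip("!"))
        if pat_port != port:
            continue
        if fnmatch.fnmatchcase(host, pat):
            if negate:
                return False
            matched = True
    return matched


def wildcard_patterns(cidr):
    """Return wildcard patterns covering exactly this IPv4 block, or None.

    A wildcard replaces whole trailing octets, so only prefixes of length
    <= 24 (split into per-octet-boundary subnets) or a single /32 can be
    expressed exactly; /25 .. /31 cannot, which is the first answer's caveat.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    if net.version != 4:
        return None
    if net.prefixlen == 32:
        return [str(net.network_address)]
    if net.prefixlen > 24:
        return None
    boundary = -(-net.prefixlen // 8) * 8  # round up to the next octet boundary
    keep = boundary // 8
    return [".".join(str(sub.network_address).split(".")[:keep] + ["*"])
            for sub in net.subnets(new_prefix=boundary)]


def cover_exactly(patterns, cidr):
    """True if the patterns match every address in the block and neither of
    the two addresses immediately outside it (simple over-match check)."""
    net = ipaddress.ip_network(cidr, strict=False)
    field = ",".join(patterns)
    inside = all(hostname_field_matches(field, str(a)) for a in net)
    neighbours = (net.network_address - 1, net.broadcast_address + 1)
    outside = any(hostname_field_matches(field, str(a)) for a in neighbours)
    return inside and not outside


def known_hosts_lines(cidrs, key, existing=""):
    """Build known_hosts lines: one wildcard line per block when an exact
    wildcard form exists, else one line per address. Hosts already named
    in `existing` (literal match on the hostname field) are not repeated."""
    seen = set()
    for line in existing.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3:
            seen.update(parts[0].split(","))
    out = []
    for cidr in cidrs:
        pats = wildcard_patterns(cidr)
        if pats is not None:
            new = [p for p in pats if p not in seen]
            if new:
                out.append(f"{','.join(new)} {key}")
        else:
            new = [str(a) for a in ipaddress.ip_network(cidr, strict=False) if str(a) not in seen]
            out.extend(f"{a} {key}" for a in new)
        seen.update(new)
    return out


if __name__ == "__main__":
    pats = wildcard_patterns("192.30.252.0/22")
    print(pats, cover_exactly(pats, "192.30.252.0/22"))  # exact coverage of the /22
    print(wildcard_patterns("207.97.227.224/27"))          # None: needs per-address lines
    for line in known_hosts_lines(RANGES_FROM_ANSWERS, SAMPLE_KEY, existing=f"github.com {SAMPLE_KEY}"):
        print(line)
```

Run it once to see that the /22 collapses to the same four patterns the first answer wrote by hand, while each /27 produces 32 literal lines; the `existing` argument is where you would pass the current contents of `~/.ssh/known_hosts` to avoid appending duplicates.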

Tags:

Ssh