[TriLUG] RSA Keys

Brian Henning lugmail at cheetah.dynip.com
Sun Jan 23 22:43:46 EST 2005


Hi Y'all,
  I now have two ssh-serving hosts behind a NAT firewall at $work.  One,
representing my workstation, is port-forwarded from a nonstandard port (for
argument, we'll call it 12345).  The other, representing a server running
various services, is on the standard port.
  The irritation I am encountering is that the command-line ssh client (on
RH7.3) doesn't seem to want to understand that specifying a different port
could really mean a different host.  Therefore, after I connect to one (ex.
ssh me@work.net) and accept the RSA key to be added to ~/.ssh/known_hosts,
when I connect to the other (ex. ssh -p 12345 me@work.net), it balks because
the RSA key is different.  So I have to open up ~/.ssh/known_hosts, delete
the work.net line, and start over.
  What's the best way to resolve this?  Am I doomed to editing
~/.ssh/known_hosts each time?  Or is there a less-strict checking option?
Or would it work to add a /etc/hosts entry to alias that IP to another name
for one of the two destination machines, thereby fooling (or satisfying) ssh
that it is in fact two intentionally different endpoints?
  Most importantly, I do want to continue having more than one ssh endpoint
inside the firewall perimeter, so when one goes kaput, I can get to the
other one and do some useful stuff inside the perimeter to try to diagnose
and/or fix the problem.

Thanks!
~Brian
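
One way to keep a separately pinned host key for each endpoint behind the shared address, without loosening host key checking, is the HostKeyAlias option in ~/.ssh/config. This is an added example, not part of the original message; the aliases work-server and work-desktop are made-up names, while work.net, port 12345 and the user me are the values used in the post.

```sshconfig
# ~/.ssh/config (added example; work-server and work-desktop are hypothetical aliases)

# Server reached on the standard port of the NAT address.
Host work-server
    HostName work.net
    Port 22
    User me
    # The host key is stored and looked up in known_hosts under this
    # name instead of "work.net", so it cannot collide with the other host.
    HostKeyAlias work-server

# Workstation reached through the forwarded nonstandard port.
Host work-desktop
    HostName work.net
    Port 12345
    User me
    HostKeyAlias work-desktop

# Settings shared by both endpoints.
Host work-server work-desktop
    # Keep verification on: a changed key for either alias still stops the
    # connection, which is the protection a "less-strict" option would remove.
    StrictHostKeyChecking ask
    # Both machines sit behind one public IP, so a per-IP key record
    # would conflict in the same way the per-name record does.
    CheckHostIP no

# Connect with:  ssh work-server   or   ssh work-desktop
# Each alias gets its own known_hosts line on first connection.
```

Current OpenSSH releases also record a non-default port in known_hosts as [work.net]:12345, which separates the two entries even without an alias.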



