[TriLUG] RSA Keys

Tanner Lovelace clubjuggler at gmail.com
Mon Jan 24 12:18:40 EST 2005


Here's what I do for the same thing:

ssh -o HostKeyAlias=secondmachine.example.com -p 24 firewall.example.com

I haven't checked to see if I have the options others have mentioned in
my config, but I probably do.

Cheers,
Tanner


On Sun, 23 Jan 2005 22:43:46 -0500, Brian Henning
<lugmail at cheetah.dynip.com> wrote:
> Hi Y'all,
>   I now have two ssh-serving hosts behind a NAT firewall at $work.  One,
> representing my workstation, is port-forwarded from a nonstandard port (for
> argument, we'll call it 12345).  The other, representing a server running
> various services, is on the standard port.
>   The irritation I am encountering is that the command-line ssh client (on
> RH7.3) doesn't seem to want to understand that specifying a different port
> could really mean a different host.  Therefore, after I connect to one (ex.
> ssh me@work.net) and accept the RSA key to be added to ~/.ssh/known_hosts,
> when I connect to the other (ex. ssh -p 12345 me@work.net), it balks because
> the RSA key is different.  So I have to open up ~/.ssh/known_hosts, delete
> the work.net line, and start over.
>   What's the best way to resolve this?  Am I doomed to editing
> ~/.ssh/known_hosts each time?  Or is there a less-strict checking option?
> Or would it work to add a /etc/hosts entry to alias that IP to another name
> for one of the two destination machines, thereby fooling (or satisfying) ssh
> that it is in fact two intentionally different endpoints?
>   Most importantly, I do want to continue having more than one ssh endpoint
> inside the firewall perimeter, so when one goes kaput, I can get to the
> other one and do some useful stuff inside the perimeter to try to diagnose
> and/or fix the problem.
> 
> Thanks!
> ~Brian


-- 
Tanner Lovelace
clubjuggler at gmail dot com
http://wtl.wayfarer.org/
http://www.freeiPods.com/?r=8127171
(fieldless) In fess two roundels in pale, a billet fesswise and an
increscent, all sable.
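
Added example, not part of the original post: the HostKeyAlias approach from the command above made persistent in ~/.ssh/config, so each machine behind the NAT gets its own known_hosts entry while host key checking stays on. The Host nicknames (work-desktop, work-server), the alias firstmachine.example.com and port 22 for the first machine are assumptions; firewall.example.com, secondmachine.example.com and port 24 come from the command above.

```sshconfig
# ~/.ssh/config (added example; Host nicknames are hypothetical)

# Machine reached through the firewall's forwarded port 24, as in the
# command above. Its key is saved and looked up in known_hosts under
# secondmachine.example.com instead of firewall.example.com.
Host work-desktop
    HostName firewall.example.com
    Port 24
    HostKeyAlias secondmachine.example.com
    StrictHostKeyChecking ask

# Machine on the firewall's standard port (assumed to be 22). The alias
# name firstmachine.example.com is an assumption.
Host work-server
    HostName firewall.example.com
    Port 22
    HostKeyAlias firstmachine.example.com
    StrictHostKeyChecking ask

# Weaker alternative, shown for contrast and left commented out: it stops
# the mismatch error by no longer remembering or verifying host keys, so a
# changed key (reinstall or interception) would go unnoticed.
# Host firewall.example.com
#     StrictHostKeyChecking no
#     UserKnownHostsFile /dev/null
```

With these stanzas, "ssh work-desktop" and "ssh work-server" each ask once to accept their own key and then verify it on every later connection.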


