Re: RSA host keys problems with 2 different openssh servers on the same box

From: Catalin Petrescu (taz_at_dntis.ro)
Date: 10/16/03

Next message: Florian Effenberger: "OpenSSH ignores PAM?"

Previous message: Wu Fei Liang: "Re: pscp with challengeresponse"
In reply to: Martin Sarsale: "RSA host keys problems with 2 different openssh servers on the same box"
Next in thread: Darren Tucker: "Re: RSA host keys problems with 2 different openssh servers on the samebox"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 16 Oct 2003 20:41:21 +0300 (EEST)
To: Martin Sarsale <msarsale@buenosaires.gov.ar>

On Thu, 16 Oct 2003, Martin Sarsale wrote:

> Date: Thu, 16 Oct 2003 11:35:49 -0300
> From: Martin Sarsale <msarsale@buenosaires.gov.ar>
> To: secureshell@securityfocus.com
> Subject: RSA host keys problems with 2 different openssh servers on the
> same box
>
> Dear all:
>
> We've a firewall box with one ssh running on X.X.X.X:22 and an iptables forward rule redirecting connections on port 10022 to the ssh server on another machine (Y.Y.Y.Y:22).
>
> Now:
> when I connect to the ssh server running in X.X.X.X:22 my ssh client saves the RSA host key for the ip X.X.X.X
> but, when I connect to X.X.X.X:10022 (forwarded to a remote ssh), the client saves Y.Y.Y.Y's RSA host key for the ip X.X.X.X !!
>
> then, if I try to connect to port 22 I get an error because the RSA host key doesn't match with the saved one (because the saved one is from Y.Y.Y.Y but associated with the ip X.X.X.X)
>
> I guess that it should save the port along with the ip for each RSA host key.
>
> Im running OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f on the client side.
>
> thanks in advance
>
>
Helo,
write in your config file something like this:

Host machine1
CheckHostIP no
HostKeyAlias machine1
HostName x.x.x.x
Port 22

Host machine2
Host axil
CheckHostIP no
HostKeyAlias machine2
HostName x.x.x.x
Port 10022

Host *

CheckHostIP isn't mandatory.

Regards,

-- 
Catalin Petrescu <taz at dntis dot ro>
-----BEGIN GEEK CODE BLOCK-----
Version: 3.12
GCS/CC/IT/S/MU d- s+: a- C++ ULAS++++$ P+>+++ L+++ E- W+ N+ o? K?
w-- O-- M- V? PS+ PE Y PGP+>++ t 5? X+ R? tv--() b+>++ DI++ D+ G
e++ h* r-- y? 
------END GEEK CODE BLOCK------

Next message: Florian Effenberger: "OpenSSH ignores PAM?"

Previous message: Wu Fei Liang: "Re: pscp with challengeresponse"
In reply to: Martin Sarsale: "RSA host keys problems with 2 different openssh servers on the same box"
Next in thread: Darren Tucker: "Re: RSA host keys problems with 2 different openssh servers on the samebox"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]