Re: RSA host keys problems with 2 different openssh servers on the same box
From: Catalin Petrescu (taz_at_dntis.ro)
Date: Thu, 16 Oct 2003 20:41:21 +0300 (EEST)
To: Martin Sarsale <email@example.com>
On Thu, 16 Oct 2003, Martin Sarsale wrote:
> Date: Thu, 16 Oct 2003 11:35:49 -0300
> From: Martin Sarsale <firstname.lastname@example.org>
> To: email@example.com
> Subject: RSA host keys problems with 2 different openssh servers on the
> same box
> Dear all:
> We've a firewall box with one ssh running on X.X.X.X:22 and an iptables forward rule redirecting connections on port 10022 to the ssh server on another machine (Y.Y.Y.Y:22).
> When I connect to the ssh server running on X.X.X.X:22, my ssh client saves the RSA host key for the IP X.X.X.X.
> But when I connect to X.X.X.X:10022 (forwarded to a remote ssh), the client saves Y.Y.Y.Y's RSA host key for the IP X.X.X.X !!
> Then, if I try to connect to port 22, I get an error because the RSA host key doesn't match the saved one (because the saved one is from Y.Y.Y.Y but associated with the IP X.X.X.X).
> I guess that it should save the port along with the IP for each RSA host key.
> I'm running OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f on the client side.
> Thanks in advance
Write in your config file something like this:
CheckHostIP isn't mandatory.
-- Catalin Petrescu <taz at dntis dot ro>
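
One client-side configuration that avoids the collision described in this thread, added here as an illustration and not the configuration from the reply above. The host aliases `fw` and `inner` and the `HostKeyAlias` value are made-up names; X.X.X.X is the placeholder address used in the thread.

```sshconfig
# ~/.ssh/config  (added example; the aliases "fw" and "inner" are assumptions)

# sshd running on the firewall itself.
# Its key is stored in known_hosts under X.X.X.X as usual.
Host fw
    HostName X.X.X.X
    Port 22

# sshd on Y.Y.Y.Y, reached through the forward on X.X.X.X:10022.
Host inner
    HostName X.X.X.X
    Port 10022
    # Store and look up this server's key under its own name in
    # known_hosts instead of under the firewall's address.
    HostKeyAlias inner-via-fw
    # Do not additionally check the key against the address X.X.X.X,
    # which already belongs to the firewall's own entry.
    CheckHostIP no
```

With this in place, `ssh fw` and `ssh inner` are each verified against a separate known_hosts entry, so host key checking stays enabled for both servers and a changed key on either one is still reported.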