Re: RSA host keys problems with 2 different openssh servers on the same box

From: Catalin Petrescu (taz_at_dntis.ro)
Date: 10/16/03

    Date: Thu, 16 Oct 2003 20:41:21 +0300 (EEST)
    To: Martin Sarsale <msarsale@buenosaires.gov.ar>
    
    

    On Thu, 16 Oct 2003, Martin Sarsale wrote:

    > Date: Thu, 16 Oct 2003 11:35:49 -0300
    > From: Martin Sarsale <msarsale@buenosaires.gov.ar>
    > To: secureshell@securityfocus.com
    > Subject: RSA host keys problems with 2 different openssh servers on the
    > same box
    >
    > Dear all:
    >
    > We've a firewall box with one ssh running on X.X.X.X:22 and an iptables forward rule redirecting connections on port 10022 to the ssh server on another machine (Y.Y.Y.Y:22).
    >
    > Now:
    > when I connect to the ssh server running in X.X.X.X:22 my ssh client saves the RSA host key for the ip X.X.X.X
    > but, when I connect to X.X.X.X:10022 (forwarded to a remote ssh), the client saves Y.Y.Y.Y's RSA host key for the ip X.X.X.X !!
    >
    > then, if I try to connect to port 22 I get an error because the RSA host key doesn't match with the saved one (because the saved one is from Y.Y.Y.Y but associated with the ip X.X.X.X)
    >
    > I guess that it should save the port along with the ip for each RSA host key.
    >
    > I'm running OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f on the client side.
    >
    > thanks in advance
    >
    >
    Hello,
    write in your config file something like this:

    # sshd on the firewall itself
    Host machine1
     CheckHostIP no
     HostKeyAlias machine1
     HostName x.x.x.x
     Port 22

    # port 10022 on the firewall, forwarded to the sshd on the other machine
    Host machine2
     CheckHostIP no
     HostKeyAlias machine2
     HostName x.x.x.x
     Port 10022

    Host *

    CheckHostIP isn't mandatory.

    Regards,

    -- 
    Catalin Petrescu <taz at dntis dot ro>
    -----BEGIN GEEK CODE BLOCK-----
    Version: 3.12
    GCS/CC/IT/S/MU d- s+: a- C++ ULAS++++$ P+>+++ L+++ E- W+ N+ o? K?
    w-- O-- M- V? PS+ PE Y PGP+>++ t 5? X+ R? tv--() b+>++ DI++ D+ G
    e++ h* r-- y? 
    ------END GEEK CODE BLOCK------
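
Added example, not part of the original message: a small Python lint that finds `Host` blocks whose host keys would be stored under the same known_hosts name while pointing at different endpoints. It assumes the behaviour described in the thread (the key is saved under the host name or IP without the port, unless `HostKeyAlias` is set) and ignores `CheckHostIP`, wildcard patterns and options outside a `Host` block; the function names and sample configs are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: the setup from the thread, without HostKeyAlias.
SAMPLE_BAD = """\
Host machine1
 HostName x.x.x.x
 Port 22
Host machine2
 HostName x.x.x.x
 Port 10022
"""

# Constructed sample: the same two entries with the aliases from the reply.
SAMPLE_FIXED = """\
Host machine1
 HostKeyAlias machine1
 HostName x.x.x.x
 Port 22
Host machine2
 HostKeyAlias machine2
 HostName x.x.x.x
 Port 10022
"""

def parse_blocks(text):
    """Return {host pattern: {lowercased keyword: value}} per Host block."""
    blocks, current = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)
        key, value = parts[0].lower(), parts[1].strip() if len(parts) > 1 else ""
        if key == "host":  # a Host line always opens a new block
            current = [blocks.setdefault(p, {}) for p in value.split()]
        else:
            for opts in current:
                opts.setdefault(key, value)  # first value wins, as in ssh_config
    return blocks

def key_collisions(text):
    """Return {known_hosts name: [(host, port), ...]} for names shared by >1 endpoint."""
    by_name = defaultdict(set)
    for alias, opts in parse_blocks(text).items():
        if "*" in alias or "?" in alias:
            continue  # wildcard patterns are out of scope here
        host = opts.get("hostname", alias)
        name = opts.get("hostkeyalias", host)  # alias replaces the lookup name
        by_name[name].add((host, int(opts.get("port", 22))))
    return {n: sorted(e) for n, e in by_name.items() if len(e) > 1}
```
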
    
