Re: many hosts, different ports, single IP address

From: Brian Hatch (bri_at_ifokr.org)
Date: 06/07/04

  • Next message: Eric S. Johansson: "Re: many hosts, different ports, single IP address"
    Date: Mon, 7 Jun 2004 08:52:57 -0700
    To: "Eric S. Johansson" <esj@harvee.org>
    
    
    

    > I keep getting the following warning. What triggers this warning is that I
    > am connecting to multiple hosts behind an address translation firewall.
    > There is a single IP address with each machine on a separate port. I've
    > tried changing strict host key checking to no, which will let me log in, but
    > it still gives me this annoying and, more importantly, wrong warning. My
    > current workaround is to alias ssh to a script which first deletes
    > known_hosts automatically before calling SSH.
    > Is there any way to preserve the key checking value in SSH if you are
    > connecting to multiple hosts on different port numbers?

    Use the 'HostKeyAlias' functionality in ~/.ssh/config, à la

    $ cat ~/.ssh/config
    Host box1
        HostKeyAlias box1
        HostName firewall.example.com
        Port 5001

    Host box2
        HostKeyAlias box2
        HostName firewall.example.com
        Port 5002

    Then just use 'ssh box1' or 'ssh box2' and they'll have distinct host
    keys that don't use the actual hostname, firewall.example.com in the
    above examples.

    -- 
    Brian Hatch                  "I am a Ranger. We walk in the dark places
       Systems and                no others will enter. We stand on the
       Security Engineer          bridge and no one may pass.
    http://www.ifokr.org/bri/     We live for the One, we die for the One."
    Every message PGP signed
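
An added example (not part of the message above and not OpenSSH's own code): a shell/awk check that flags stanzas in an ssh config which share a HostName but have no HostKeyAlias, or which reuse another stanza's HostKeyAlias. In the setup the thread describes, those are the cases where distinct machines end up under one known_hosts name. The function name check_aliases and the box3 stanza are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# check_aliases FILE prints one line per problem stanza:
#   missing-alias <Host> <HostName>  HostName shared, no HostKeyAlias
#   dup-alias <Host> <alias>         HostKeyAlias reused by another stanza
# Assumptions: "Keyword value" syntax (no "Keyword=value"), one name per
# Host line, no Include/Match handling.
check_aliases() {
    awk '
    function save() {
        if (host == "") return
        n++; h[n] = host; al[n] = alias
        hn[n] = tolower((name != "") ? name : host)
        shared[hn[n]]++
        if (alias != "") used[alias]++
    }
    { key = tolower($1) }          # ssh_config keywords are case-insensitive
    key == "host"         { save(); host = $2; name = ""; alias = ""; next }
    key == "hostname"     { name = $2; next }
    key == "hostkeyalias" { alias = $2; next }
    END {
        save()
        for (i = 1; i <= n; i++) {
            if (shared[hn[i]] > 1 && al[i] == "")
                print "missing-alias", h[i], hn[i]
            if (al[i] != "" && used[al[i]] > 1)
                print "dup-alias", h[i], al[i]
        }
    }' "$1"
}

# Constructed sample: box1/box2 follow the post, box3 omits HostKeyAlias.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Host box1
    HostKeyAlias box1
    HostName firewall.example.com
    Port 5001
Host box2
    HostKeyAlias box2
    HostName firewall.example.com
    Port 5002
Host box3
    HostName firewall.example.com
    Port 5003
EOF
check_aliases "$sample"
rm -f "$sample"
```

Run it against a copy of ~/.ssh/config; no output means every stanza that shares a HostName carries its own unique HostKeyAlias.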
    
    


