Re: OpenSSH client and known_hosts



Hello,

You may define your hosts in your .ssh/config configuration file:

---8=----
Host server1
Hostname server.your.net
Port 221
HostKeyAlias server1
CheckHostIP no

Host server2
Hostname server.your.net
Port 222
HostKeyAlias server2
CheckHostIP no

Host server3
Hostname server.your.net
Port 223
HostKeyAlias server3
CheckHostIP no
---=8----

The known_hosts file will actually not store the port information, but this will avoid the HostKey problem. Please note that not checking the server IP ("CheckHostIP no") is needed to do that, but this is a security issue.

Regards,
Pierre

Devin Robinson wrote:

Using the ssh client packaged with OpenSSH, is it possible to keep track
of the ports along with host/IP information in known_hosts without
modification to the client? I ssh into a few servers in a NAT that have
sshd running on different ports with different ssh host keys, and having
to constantly edit my known_hosts file can get tedious.

I'm sure someone else here was/is in a similar situation, any thoughts?

Thanks,
Devin


Best regards,
--
Pierre NEYRON Head of the Grid'5000 Technical Committee
Pierre.Neyron@xxxxxxx INRIA Futurs
Landline: +33 (0)4 76 61 20 18 Laboratoire ID-IMAG
Mobile: +33 (0)6 72 70 22 64 ZIRST, 51 avenue Jean Kuntzmann
Fax: +33 (0)4 76 61 20 99 38330 Montbonnot Saint-Martin FRANCE
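
An added example, not part of the original message: a small Python audit of an ssh_config that reports Host blocks whose keys would be looked up under the same known_hosts name while pointing at different ports, and blocks that set "CheckHostIP no". The sample config is constructed, and the assumption that the port is not part of the lookup name is taken from the message above.

```python
import re
from collections import defaultdict

# Constructed sample: server1 follows the message's layout; server2 and
# server3 omit HostKeyAlias on purpose.
SAMPLE = """\
Host server1
Hostname server.your.net
Port 221
HostKeyAlias server1
CheckHostIP no

Host server2
Hostname server.your.net
Port 222

Host server3
Hostname server.your.net
Port 223
"""

def parse_hosts(text):
    """Return {host pattern: {lowercased keyword: value}} per Host block."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key, value = parts[0].lower(), (parts + [""])[1]
        if key == "host":
            current = hosts.setdefault(value, {})
        elif current is not None:
            current.setdefault(key, value)  # first value for a keyword wins
    return hosts

def audit(text):
    """List (finding, name) pairs: shared known_hosts names, CheckHostIP off."""
    hosts, by_name = parse_hosts(text), defaultdict(set)
    for host, opts in hosts.items():
        hostname = opts.get("hostname", host)
        # Assumption taken from the message: the port is not part of the name.
        name = opts.get("hostkeyalias", hostname)
        by_name[name].add((hostname, int(opts.get("port", 22))))
    findings = [("collision", n) for n, eps in sorted(by_name.items()) if len(eps) > 1]
    findings += [("checkhostip-off", h) for h, o in hosts.items()
                 if o.get("checkhostip", "").lower() == "no"]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A "collision" finding marks the situation the original question describes; a "checkhostip-off" finding marks each host where the trade-off mentioned in the reply has been accepted.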


