Re: incorrect "host key changed" for multi-sshd localhost

From: Richard Silverman (res@des.jhy.us.ml.com)
Date: 11/21/02


From: Richard Silverman <res@des.jhy.us.ml.com>
Date: 20 Nov 2002 19:59:20 -0500


>>>>> "Ian" == Ian! D Allen <idallen@freenet.carleton.ca> writes:

    Ian> Rather than DNS kludges, I think what is needed is a way for me
    Ian> to tell the ssh client to "tag" this connection with a unique
    Ian> identifier that will be used for host key lookup in the
    Ian> known_hosts file in lieu of the default tag it uses currently
    Ian> (host name and/or IP address). I think that would work.

    Ian> Does adding a tagging option to the openssh client source sound
    Ian> reasonable?

Not necessary; the feature is already there. Like so:

[~/.ssh/config]

host foo
  hostname localhost
  hostkeyalias foo

host bar
  hostname localhost
  hostkeyalias bar

... and have the appropriate host keys listed in your known_hosts files
with the tags "foo" and "bar."

    Ian> We've been discussing this. He only supports the Microsoft VPN
    Ian> client for access to the campus.

The MS "VPN connector" uses either L2TP/IPSec, or PPTP. There is a free
Unix PPTP client (poptop), and of course IPSec, but free L2TP support
seems to be in its infancy; there is l2tpd but it appears to be work in
progress (but maybe functional enough)?

-- 
 Richard Silverman
 slade@shore.net
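
The lookup behaviour the reply relies on, as an added example that is not part of the original message and is not OpenSSH code: a simplified Python model in which the client looks up the host key under the HostKeyAlias when one is set and under the HostName otherwise. The key strings are constructed placeholders, and the function names and the use_alias switch are hypothetical, there only to show the collision that happens without the alias.

```python
# Simplified model (an assumption, not OpenSSH source) of choosing the
# known_hosts lookup name. All key strings are constructed placeholders.
SSH_CONFIG = """\
host foo
  hostname localhost
  hostkeyalias foo

host bar
  hostname localhost
  hostkeyalias bar
"""

KNOWN_HOSTS = """\
foo ssh-rsa AAAA-constructed-key-for-sshd-one
bar ssh-rsa AAAA-constructed-key-for-sshd-two
"""

def parse_config(text):
    """Return {host pattern: {keyword: value}}; keywords are case-insensitive."""
    blocks, current = {}, None
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            current = blocks.setdefault(value, {})
        elif current is not None:
            current.setdefault(key, value)  # first value wins, as in ssh_config
    return blocks

def parse_known_hosts(text):
    """Return {name: (keytype, key)} for plain (unhashed) entries."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and not fields[0].startswith("#"):
            table.update({n: (fields[1], fields[2]) for n in fields[0].split(",")})
    return table

def check_host_key(target, presented, config, known, use_alias=True):
    """Classify the key a server presents as 'ok', 'changed' or 'unknown'."""
    opts = config.get(target, {})
    lookup = opts.get("hostname", target)
    if use_alias:
        lookup = opts.get("hostkeyalias", lookup)
    if lookup not in known:
        return "unknown"
    return "ok" if known[lookup] == presented else "changed"
```

With use_alias=False and a single "localhost" entry in known_hosts, the second sshd's key is classified as "changed", which is the false warning the thread is about.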