Re: logging into port-forwarded ssh confuses certs

From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 12/30/03


Date: Tue, 30 Dec 2003 00:21:04 +0000 (UTC)

In article <29DEC03.19284900@alfa60.psfc.mit.edu>, <HORNE@PSFC.MIT.EDU> wrote:
>I use redir (http://sammy.net/~sammy/hacks/)
>to map ssh ports from behind my firewall, onto
>the firewall -- so I can log into the interior machine from outside,
>via "ssh -p <port> my.firewall.com".
>(redir works well.)
>
>This causes confusion in the "known_hosts" file on the client side,
>because the cert associated with the interior machine doesn't match
>that of my.firewall.com.
>
>Is there a Canonical fix to this problem? Or a hack?

HostKeyAlias. Put something like this into the client config:

Host internal.firewall.com
        Hostname my.firewall.com
        Port <port>
        HostKeyAlias internal.firewall.com

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
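
The effect of HostKeyAlias on known_hosts lookups, as an added example that is not part of the original post: a simplified model of how a current OpenSSH client chooses the name a host key is stored under. The sample config, its port numbers and the extra Host blocks are constructed; only plain "Host <name>" blocks are handled (no wildcards, Match or Include).

```python
# Added example: simplified model of the OpenSSH client's known_hosts naming.
# Assumption: current OpenSSH behaviour, where a non-default port is recorded
# as "[host]:port" and HostKeyAlias replaces both host and port.
from collections import defaultdict

# Constructed sample config; ports 2201/2202 are made-up forwarded ports.
SAMPLE_CONFIG = """\
Host internal.firewall.com
        Hostname my.firewall.com
        Port 2201
        HostKeyAlias internal.firewall.com

Host other.firewall.com
        Hostname my.firewall.com
        Port 2202

Host gateway
        Hostname my.firewall.com
"""

def parse_hosts(text):
    """Return {host: {keyword: value}}; the first value seen wins, as in ssh."""
    hosts, current = {}, None
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            current = hosts.setdefault(value, {})
        elif current is not None:
            current.setdefault(key, value)
    return hosts

def known_hosts_name(name, opts):
    """Name under which the host key is stored and looked up."""
    if "hostkeyalias" in opts:
        return opts["hostkeyalias"]  # alias is used as-is, port ignored
    host = opts.get("hostname", name)
    port = int(opts.get("port", 22))
    return host if port == 22 else f"[{host}]:{port}"

def audit(text):
    """Map each known_hosts name to the Host blocks that resolve to it."""
    by_name = defaultdict(list)
    for name, opts in parse_hosts(text).items():
        by_name[known_hosts_name(name, opts)].append(name)
    return dict(by_name)

if __name__ == "__main__":
    for kh_name, blocks in audit(SAMPLE_CONFIG).items():
        shared = "  <-- shared entry" if len(blocks) > 1 else ""
        print(f"{kh_name:28} {', '.join(blocks)}{shared}")
```

Any known_hosts name that maps to more than one Host block means two different machines are checked against the same stored key, which is the confusion described in the question.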