Re: Multiple host signatures connecting in through NAT
From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 01/29/04
- Next message: Stefan: "getting SSH on UNIX Server"
- Previous message: tipicanu: "prob. executing 'pg' command through putty connection"
- In reply to: Andrew Bashere: "Multiple host signatures connecting in through NAT"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 29 Jan 2004 20:21:45 +0000 (UTC)
In article <fd707556.0401290647.37c21b59@posting.google.com>,
Andrew Bashere <abashere@yahoo.com> wrote:
>I have noticed a rather critical difference (to me at least) between
>OpenSSH and the commercial SSH. OpenSSH associates a key with a
>(hostname,ip) whereas SSH uses a (resolved-hostname,port).
>
>I looked into this as a result of trying to use port-redirection on a
>NAT box to reach other machines behind the interface using
>SSH/OpenSSH. SSH(client) had no problems accepting the fact that
>there are different keys on the same host (at different ports).
>OpenSSH identified the man-in-the-middle alright; but then seemed to
>want to change the recorded key for the host.
>
>Is there a way to have OpenSSH work more like the commercial SSH with
>regards to the port discrimination?

Kind of. See the ssh_config man page for HostKeyAlias and CheckHostIP.
Basically, put this into ~/.ssh/config:

Host machine-behind-nat
    Hostname natbox
    HostKeyAlias machine-behind-nat
    CheckHostIP no

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
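
The same approach extended to the multi-port case from the question, as an added example that is not part of the original post: one stanza per machine behind the NAT box. The aliases web-behind-nat and db-behind-nat and the forwarded ports 2201 and 2202 are assumptions chosen for illustration.

```sshconfig
# Constructed example: natbox forwards TCP 2201 and 2202 to two different
# internal machines. Alias names and port numbers are assumptions.

Host web-behind-nat
    Hostname natbox
    Port 2201
    # Record and look up the host key under this name instead of "natbox"
    HostKeyAlias web-behind-nat
    # Do not also tie the key to natbox's IP address, which both machines share
    CheckHostIP no

Host db-behind-nat
    Hostname natbox
    Port 2202
    HostKeyAlias db-behind-nat
    CheckHostIP no
```

With this in place, `ssh web-behind-nat` and `ssh db-behind-nat` each get their own known_hosts entry, so a key change behind one forwarded port is still reported for that alias without conflicting with the other.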