Re: Port Forwarding and Multiple SSH Servers - WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!

From: Darren Tucker (dtucker_at_dodgy.net.au)
Date: 11/30/04 

Date: 30 Nov 2004 09:23:21 GMT

In article <41ABB47B.7EC9CF71@jei.homelinux.net>,
Job Eisses <jei@jei.homelinux.net> wrote:
>Gary wrote:
>>
>> Behind my firewall I have several SSH servers that I connect to with
>> something like:
>> ssh -p xx user@firewall_IP_address
>> ... but I still get the error message. My workaound is to remove the key
>> in known_hosts and then connect but I need to find a better solution.
>> Is there one?
>
>My workaround, a bit clumsy, is to use "ssh -F configfileX ..." with a
>different
>configfileX for each host, and in that configfileX a reference to a
>different known_hosts file for each host. I came across it when i wanted
>to ssh to many different hosts from a single server via a ssh gateway
>host, each getting its own local portnumber.

If you're using OpenSSH, use HostKeyAlias, that's what it's there for.

In .ssh/config

Host hosta
        Hostname firewall_IP_address
        HostKeyAlias hosta

Host hostb
        Hostname firewall_IP_address
        HostKeyAlias hostb

You may also want "CheckHostIP no". For details see the ssh_config(5)
man page. 

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Relevant Pages

  • Re: Port Forwarding and Multiple SSH Servers - WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
    ... >> Behind my firewall I have several SSH servers that I connect to with ... > different known_hosts file for each host. ... > to ssh to many different hosts from a single server via a ssh gateway ... That way you wouldn't have to specify ...
    (comp.security.ssh)
  • RE: sshd / ssh setup
    ... We have an Remote FreeBSD system which is located some where on the ... This method gives the maximum protection possible utilizing ssh. ... Host setup steps. ... Reboot your system to activate sshd and login as root. ...
    (freebsd-questions)
  • SSH filter transer, was Re: Soft Update - directory/file listing
    ... But SSH file transfer is painfully slow all the time. ... ## SSH 3.2 Server Configuration File ... # Note that forwardings using the name of this host will be allowed (if ...
    (freebsd-performance)
  • Re: [opensuse] Re: OpenSUSE PuTTY ?
    ... PuTTY lets you set up all kinds of special options, tied to which host ... The ssh daemon on the host machine is usually activated by default, ... As a taster to open a remote session in a new window in any konsole ... Windows users should explore Cygwin as this will allow you to run ssh ...
    (SuSE)
  • Re: Disable name canonicalization for OpenSSH GSSAPI
    ... The issue I'm having is with a new server ... I'm unable to setup the correct reverse ... When I attempt to connect to this host with SSH, ...
    (comp.protocols.kerberos)