Re: Don't write to known_hosts



"BC" == Bernard Chan <cbkihong@xxxxxxxxxxx> writes:

BC> Dear All,

BC> The system administrator at my workplace here has done something
BC> that gave me a great deal of mess every time I try to SSH login
BC> from Linux.

BC> He has made some kind of port forwarding on a gateway host to
BC> protect some internal hosts behind. To SSH access the various
BC> hosts behind, I am asked to SSH to the gateway host, and a set of
BC> ports have been set aside which map to port 22 for each server
BC> behind.

BC> I think you can guess what the problem is. Due to different keys
BC> of each host, every time I need to connect to another host through
BC> another port I always need to go to known_hosts on my desktop
BC> machine to remove the line corresponding to the gateway host,
BC> otherwise there will be a key mismatch error preventing me from
BC> logging in further.

BC> I think there ought to be better ways to handle this, but as a
BC> software developer instead of an admin I am not aware if better
BC> methods exist. Or, can we simply prevent the SSH client from
BC> writing to known_hosts?

BC> The machines (desktop and servers) are all Linux machines and are
BC> all using openssh. I'm pretty sure somebody may have experienced
BC> this in the past, but I can find nothing useful on the Web. Thank
BC> you.

BC> Regards, Bernard Chan.


[~/.ssh/config]

    host foo
        hostname gateway
        port 1

    host bar
        hostname gateway
        port 2

    ....

--
Richard Silverman
res@xxxxxxxx
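
An added example, not part of the reply above: the same per-server aliases with OpenSSH's HostKeyAlias option set explicitly, so each server's key is looked up and saved under its own name, shown next to the "don't write to known_hosts" settings the question asks about. The port numbers 2201 and 2202 are constructed placeholders; foo, bar and gateway are the names used in the thread.

```sshconfig
# ~/.ssh/config (added example; ports are constructed placeholders)

# Each internal server sits behind a different forwarded port on "gateway".
# HostKeyAlias tells ssh to use the alias, not the real host name, when it
# looks up or saves the host key in known_hosts. Every server therefore
# gets its own known_hosts line and host key checking stays enabled.
Host foo
    HostName gateway
    Port 2201
    HostKeyAlias foo

Host bar
    HostName gateway
    Port 2202
    HostKeyAlias bar

# For contrast: the usual way to stop ssh from recording keys at all.
# These two settings turn host key verification off, so a changed or
# substituted key on any gateway port is accepted without a warning.
# Left commented out on purpose.
#
# Host foo bar
#     UserKnownHostsFile /dev/null
#     StrictHostKeyChecking no
```

With this in place, "ssh foo" and "ssh bar" each verify against their own stored key, and a mismatch warning on one alias points at that one server rather than at the shared gateway name.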
