Bug#387376: ssh: Can't have different host keys for different ports but same address (NAT)

To: Helge Hafting <helgehaf@aitel.hist.no>
Cc: 387376@bugs.debian.org
Subject: Bug#387376: ssh: Can't have different host keys for different ports but same address (NAT)
From: Greg Norris <haphazard@kc.rr.com>
Date: Thu, 14 Sep 2006 17:57:58 -0500
Message-id: <[🔎] 20060914225758.GA27136@yggdrasil.localdomain>
Reply-to: Greg Norris <haphazard@kc.rr.com>, 387376@bugs.debian.org
In-reply-to: <[🔎] 20060913234025.31513.30237.reportbug@hh.aitel.hist.no>
References: <[🔎] 20060913234025.31513.30237.reportbug@hh.aitel.hist.no>

On Thu, Sep 14, 2006 at 01:40:25AM +0200, Helge Hafting wrote:
> Unfortunately, ssh always check the hostkey against the IP
> address only, and so it thinks there is a man-in-the-middle
> attack when I try the second pc instead of the first.

Have you tried setting the HostKeyAlias option in ~/.ssh/config?  This 
should allow the use of separate hostkeys for each logical combination.  
Here's an example of the ~/.ssh/config entries:

   Host natbox1
     HostName realserver.example.com
     Port 2201
     HostKeyAlias natbox1

   Host natbox2
     HostName realserver.example.com
     Port 2202
     HostKeyAlias natbox2

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Bug#387376: ssh: Can't have different host keys for different ports but same address (NAT)
  - From: Helge Hafting <helgehaf@aitel.hist.no>

Prev by Date: Bug#387387: marked as done (openssh-client: ssh-add(1) prints error message to stdout)
Next by Date: Bug#387669: forwarded connections disappear
Previous by thread: Bug#387376: ssh: Can't have different host keys for different ports but same address (NAT)
Next by thread: Bug#387386: openssh-client: ssh-add(1) prints error message to stdout
Index(es):
- Date
- Thread