
Re: ssh through NAT firewall host ID problem



On Wednesday 10 March 2004 08:23 am, Colin Watson wrote:
> On Wed, Mar 10, 2004 at 10:17:02AM -0500, Gregory Seidman wrote:
> > On Wed, Mar 10, 2004 at 12:02:08PM +0200, Micha Feigin wrote:
> > } I have two computers at home running sshd which I can get to through my
> > } firewall using NAT on two different ports.
> > } The problem is that when connecting from the remote host to the
> > } different servers I start getting errors about wrong rsa key and it
> > } won't connect until I delete the known_hosts file.
> > } 
> > } How can I bypass this?
> > 
> > This is a common complaint, and has been discussed on the OpenSSH
> > mailing list. It seems to be seriously low priority to them.
> 
> As I understand it, it's difficult because the known_hosts format would
> need to be changed.

Couldn't ssh just use the specified host name instead of the resolved
hostname?  I could set up my .ssh/config:

host machineA
        Hostname firewall
        Port 1234

host machineB
        Hostname firewall
        Port 1235

Seems like an easy fix, and wouldn't affect non-aliased entries in
known hosts.  The first connection to aliased machines would be
flagged, but that's no big deal.
--
Rob (who is suffering the same issues)
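
An added example, not part of the original message: OpenSSH's `HostKeyAlias` client option makes ssh store and check the host key under a name you choose instead of the real hostname, so each forwarded port gets its own known_hosts entry. The host names and ports are the ones from the message above; the alias values are assumptions chosen for illustration.

```sshconfig
# Added example: two sshd instances reached through one NAT address.
# "firewall" and ports 1234/1235 come from the message above; the
# HostKeyAlias values are assumed names.

Host machineA
        HostName firewall
        Port 1234
        # Key is recorded and verified under "machineA", not "firewall"
        HostKeyAlias machineA

Host machineB
        HostName firewall
        Port 1235
        # Separate known_hosts entry, so machineA's key never collides
        HostKeyAlias machineB
```

The first connection to each alias still prompts to accept the key; compare the fingerprint shown with the one read on the server itself before answering yes, since that is the only point at which the key is trusted.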


