
Re: ssh through NAT firewall host ID problem



On Wed, Mar 10, 2004 at 03:23:59PM +0000, Colin Watson wrote:
> On Wed, Mar 10, 2004 at 10:17:02AM -0500, Gregory Seidman wrote:
> > On Wed, Mar 10, 2004 at 12:02:08PM +0200, Micha Feigin wrote:
> > } I have two computers at home running sshd which I can get to through my
> > } firewall using NAT on two different ports.
> > } The problem is that when connecting from the remote host to the
> > } different servers I start getting errors about wrong rsa key and it
> > } won't connect until I delete the known_hosts file.
> > } 
> > } How can I bypass this?
> > 
> > This is a common complaint, and has been discussed on the OpenSSH
> > mailing list. It seems to be seriously low priority to them.
> 
> As I understand it, it's difficult because the known_hosts format would
> need to be changed.

Looking at the docs of the system I'm on you have two options:
1) HostKeyAlias (first Google gives example - I've never used this)
2) 'man sshd', '/ SSH_KNOWN_HOSTS'
	Note that 'hostnames' is a comma separated list of values.
	These values can contain '*' and '?' wildcards.
	Also note that a 'hostnames' can have multiple keys specified on 
	different lines.

All you need to fix this problem is your favourite text editor, it would
seem.

Brian
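
An added example, not part of the message above and not OpenSSH code: a simplified Python model of the client's known_hosts lookup, comparing the original setup with the two options listed (several keys under one hostname, and a separate HostKeyAlias per server). The gateway name, the aliases `home-a`/`home-b` and the key strings are constructed placeholders; negated patterns, hashed names and `@` markers are left out.

```python
import re

# Constructed placeholders: not real host names or host keys.
GATEWAY = "gw.example.org"            # NAT firewall that forwards both ports
KEY_A, KEY_B = "KEY-OF-SERVER-A", "KEY-OF-SERVER-B"

def pattern_matches(pattern, name):
    """Match one hostnames pattern; only '*' and '?' act as wildcards."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, name) is not None

def accepted_keys(known_hosts, lookup_name):
    """Collect the keys on every line whose hostnames field matches the name."""
    keys = set()
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue                  # skip blank lines and comments
        hostnames, _keytype, key = fields[:3]
        if any(pattern_matches(p, lookup_name) for p in hostnames.split(",")):
            keys.add(key)
    return keys

def check(known_hosts, hostname, offered_key, host_key_alias=None):
    """Look up by HostKeyAlias when one is set, otherwise by the host name."""
    return offered_key in accepted_keys(known_hosts, host_key_alias or hostname)

# Three constructed known_hosts files.
ONE_KEY = f"{GATEWAY} ssh-rsa {KEY_A}\n"                       # original setup
TWO_KEYS = ONE_KEY + f"{GATEWAY} ssh-rsa {KEY_B}\n"            # option 2
ALIASED = f"home-a ssh-rsa {KEY_A}\nhome-b ssh-rsa {KEY_B}\n"  # option 1

if __name__ == "__main__":
    # One key filed under the gateway name: the second server is rejected.
    print("one entry, server B:", check(ONE_KEY, GATEWAY, KEY_B))
    # Two lines for the same name: both keys pass, on either port.
    print("two entries, server B:", check(TWO_KEYS, GATEWAY, KEY_B))
    # Aliases: each key passes only under its own alias.
    print("alias home-a, key A:", check(ALIASED, GATEWAY, KEY_A, "home-a"))
    print("alias home-a, key B:", check(ALIASED, GATEWAY, KEY_B, "home-a"))
```

In this model the two-line known_hosts accepts either server's key on either forwarded port, so the client cannot tell which machine answered, while the aliased file keeps each key bound to one server.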


