[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: expose internal network to the outside world

On Thu, Sep 15, 2005 at 11:27:21AM -0400, Angelo Bertolli wrote:
> Matt Price wrote:
> >Thanks wim!  and everyone else.  I must have missed something in the
> >admin screens, 'cause when I logged in this morning there was "virtual
> >server" right in my face.  I set up the ports just as wim describes, and
> >it works great!  Only problem now is that when I use ssh from outside
> >the network, first ssh one machine, then the other, I get an error
> >message to the effect that :
> > 
> >
> Because they're using the same IP address, so ssh thinks it should be 
> the same machine.  But it's not, so it thinks that machine 2 is now 
> trying to pretend to be machine 1, but the fingerprints don't match.

In the host you're connecting from you can set entries in the ssh config
file(s) to handle this, e.g.,

    $ cat /etc/ssh/ssh_config
    host foo
      HostName some.firewall.host
      Port 1234
    host bar
      HostName some.firewall.host
      Port 5678

The firewall forwards queries on those ports to the appropriate machine.

I've set this up a few times, but it requires coordinating entries on
the firewall and whatever computers you log on to.  A simple alternative
(as mentioned by others) is to connect to one internal machine, and then
ssh from there to the other machines.

Otherwise I see the problem you describe a lot, and sometimes just edit
the .ssh/known_hosts file to remove the offending entry...


Ken Irving, fnkci@uaf.edu

Reply to: