Re: expose internal network to the outside world
On Thu, Sep 15, 2005 at 11:27:21AM -0400, Angelo Bertolli wrote:
> Matt Price wrote:
>
> >Thanks wim! and everyone else. I must have missed something in the
> >admin screens, 'cause when I logged in this morning there was "virtual
> >server" right in my face. I set up the ports just as wim describes, and
> >it works great! Only problem now is that when I use ssh from outside
> >the network, first ssh one machine, then the other, I get an error
> >message to the effect that :
> >
> >
> Because they're using the same IP address, so ssh thinks it should be
> the same machine. But it's not, so it thinks that machine 2 is now
> trying to pretend to be machine 1, but the fingerprints don't match.
>
In the host you're connecting from you can set entries in the ssh config
file(s) to handle this, e.g.,

  $ cat /etc/ssh/ssh_config
  ...
  host foo
      HostName some.firewall.host
      Port 1234
  ...
  host bar
      HostName some.firewall.host
      Port 5678
  ...

The firewall forwards queries on those ports to the appropriate machine.
I've set this up a few times, but it requires coordinating entries on
the firewall and whatever computers you log on to. A simple alternative
(as mentioned by others) is to connect to one internal machine, and then
ssh from there to the other machines.
Otherwise I see the problem you describe a lot, and sometimes just edit
the .ssh/known_hosts file to remove the offending entry...
Ken
--
Ken Irving, fnkci@uaf.edu
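
An added example, not part of the original message: a shell sketch that gives each forwarded machine its own host-key name, so a mismatch is never "fixed" by deleting a known_hosts entry, and that lists the existing entries still keyed on the shared address. foo, bar, some.firewall.host and the ports come from the message; the use of HostKeyAlias, the *.internal names and the function names are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original message. The *.internal alias names
# and the function names are hypothetical.

# Emit one ssh_config stanza for a machine reached through a forwarded port.
# HostKeyAlias stores the host key under a per-machine name instead of the
# shared firewall address, so the two machines never collide in known_hosts.
# usage: emit_stanza <alias> <firewall-host> <port>
emit_stanza() {
    cat <<EOF
Host $1
    HostName $2
    Port $3
    HostKeyAlias $1.internal
    CheckHostIP no
EOF
}

# List known_hosts lines keyed on the shared address (bare or [host]:port).
# Output: "<line-number> <matched-name> <key-type>". Hashed entries (|1|...)
# cannot be matched textually; use `ssh-keygen -F <name>` for those.
# usage: shared_entries <known_hosts-file> <firewall-host>
shared_entries() {
    awk -v h="$2" '
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        {
            f = 1
            if ($1 ~ /^@/) f = 2             # skip an @cert-authority/@revoked marker
            n = split($f, names, ",")
            for (i = 1; i <= n; i++)
                if (names[i] == h || index(names[i], "[" h "]:") == 1)
                    print NR, names[i], $(f + 1)
        }' "$1"
}

# Show what ssh will actually use for an alias (needs OpenSSH 6.8+ for -G).
# usage: resolved <config-file> <alias>
resolved() {
    ssh -G -F "$1" "$2" | grep -E '^(hostname|port|hostkeyalias) '
}
```

Entries reported by shared_entries can be dropped one at a time with `ssh-keygen -R <name>` once the per-machine aliases are in place, and each new key should be checked against the fingerprint read on the machine itself before it is accepted.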