Hi,

I have a problem with the host verification of ssh in several networks of the same structure:

In all cases there is a router or a firewall with an official IP address, making the ssh-ports of several hosts with RFC1918-addresses available through NAT or TCP forwarding. Thus, different hosts appear on the same IP address, just with different ports.

Since SSH uses the IP address but not the port to verify the peer host, ssh always blocks/warns when connecting to a different port since it detects a changed host key. This means to edit the host key file every time or to omit host key validation.

Please store the host keys based on hostname/IP and port number.

regards
Hadmut

Hadmut Danisch wrote:
[...]
> Since SSH uses the IP address but not the port to verify the peer
> host, ssh always blocks/warns when connecting to a different port
> since it detects a changed host key. This means to edit the host key
> file every time or to omit host key validation.

Or use a HostKeyAlias in your ssh_config, e.g., for hosts "server1" and "server2" behind ports 2222 and 2223 of "gateway":

    Host server1
        Hostname gateway
        Port 2222
        HostKeyAlias server1

    Host server2
        Hostname gateway
        Port 2223
        HostKeyAlias server2

> Please store the host keys based on hostname/IP and port number.

See: http://bugzilla.mindrot.org/show_bug.cgi?id=910

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
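
Added example, not part of the original thread and not OpenSSH code: a small Python check that reads an ssh_config and reports stanzas that end up under one host key lookup name while reaching different ports, which is the situation described above when HostKeyAlias is missing. It assumes the lookup ignores the port, as stated in the thread, and handles only simple Host blocks (no Match or Include); the hosts server3 and server4 in the sample are constructed.

```python
import re
from collections import defaultdict

# Constructed sample: the two stanzas from the reply above, plus two
# hypothetical hosts (server3, server4) that were added without HostKeyAlias.
SAMPLE_CONFIG = """\
Host server1
    Hostname gateway
    Port 2222
    HostKeyAlias server1
Host server2
    Hostname gateway
    Port 2223
    HostKeyAlias server2
Host server3
    Hostname gateway
    Port 2224
Host server4
    Hostname gateway
    Port 2225
"""

# "Keyword value" or "Keyword=value"; comment and blank lines do not match.
OPTION = re.compile(r"^\s*([A-Za-z]+)(?:\s*=\s*|\s+)(.+?)\s*$")

def parse_stanzas(text):
    """Return one dict (lower-cased keyword -> value) per Host block."""
    stanzas = []
    for line in text.splitlines():
        m = OPTION.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "host":
            stanzas.append({"host": value})
        elif stanzas:
            stanzas[-1].setdefault(key, value)  # first value wins, as in ssh_config
    return stanzas

def find_collisions(text):
    """Lookup names shared by stanzas that connect to different ports."""
    by_name = defaultdict(list)
    for s in parse_stanzas(text):
        # Name the host key is looked up under: alias, else Hostname, else Host.
        name = s.get("hostkeyalias") or s.get("hostname") or s["host"]
        by_name[name].append((s["host"], s.get("port", "22")))
    return {n: e for n, e in by_name.items() if len({p for _, p in e}) > 1}

if __name__ == "__main__":
    print(find_collisions(SAMPLE_CONFIG))
```

An empty result means every forwarded port has its own lookup name, so a changed-key warning on one of those stanzas indicates a real key change rather than a different host behind the same address.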