I have a CentOS box that will need to ssh into 2 other CentOS boxes (with keys). Now one of these boxes is a firewall, and another is a system behind the firewall. I have rules in my firewall to punch into the system behind the FW.

Now if I connect to the IP (since the public one is shared), anytime I connect to the other system, I get the host verification failed error and have to remove the IP from the known_hosts file.

What is the best (secure) way to get around this? I know I can disable the check, but that is not my preferred way.

Thanks.

d
dnk wrote:
> I have a centos box that will need to ssh into 2 other centos boxes
> (with keys). Now one of these boxes is a firewall, and another is a
> system behind the firewall. I have rules in my firewall to punch into
> the system behind the FW.
>
> Now if i connect to the IP (since the public one is shared), anytime i
> connect to the other system, I get the host verification failed error
> and have to remove the IP from the known_hosts file.
>
> What is the best (secure) way to get around this? I know i can disable
> the check, but that is not my preferred way.
>

There are two ways to do it.

The first way is to simply set the host keys to be the same on all the boxes (copy the contents of the /etc/ssh/*key* files from one box to all of the boxes).

The other way is to set up separate ssh_config files for each destination with different known_host files and invoke ssh as 'ssh -F configfile1 host1', 'ssh -F configfile2 host2', etc.

-- 
Benjamin Franz
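
The second approach above (one config file and one known_hosts file per destination, with host key checking left on), as an added example that is not part of the original thread. The address 203.0.113.10, the ports 22 and 2222, the profile names and the `make_profile` helper are constructed placeholders.

```shell
#!/bin/sh
# Added example: build one ssh config + known_hosts pair per destination so
# two hosts behind the same public IP never share a known_hosts entry.

# make_profile NAME HOST PORT [DIR]
# Writes DIR/config_NAME, which points at its own DIR/known_hosts_NAME,
# and prints the config path. Assumes DIR contains no whitespace.
make_profile() {
    name=$1; host=$2; port=$3; dir=${4:-"$HOME/.ssh"}
    # Reject empty or non-numeric ports before writing anything.
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    kh="$dir/known_hosts_$name"
    cfg="$dir/config_$name"
    # Create the per-destination known_hosts file if missing; never truncate
    # an existing one, since it holds the keys already verified.
    [ -e "$kh" ] || : > "$kh"
    chmod 600 "$kh"
    # StrictHostKeyChecking stays enabled: an unknown key prompts for
    # confirmation, a changed key is refused.
    cat > "$cfg" <<EOF
Host $name
    HostName $host
    Port $port
    UserKnownHostsFile $kh
    StrictHostKeyChecking ask
EOF
    chmod 600 "$cfg"
    printf '%s\n' "$cfg"
}

# Demo in a scratch directory (constructed address and ports).
demo_dir=$(mktemp -d)
make_profile firewall 203.0.113.10 22   "$demo_dir"
make_profile inside   203.0.113.10 2222 "$demo_dir"
cat "$demo_dir/config_inside"
# Connect with:  ssh -F "$demo_dir/config_inside" inside
```

Compare the fingerprint shown at the first connection of each profile against the one read on the server's console before accepting it.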
russ at vshift.com
2009-Mar-19 23:07 UTC
[CentOS] ssh - alternate ports, and host verification
Are these on the same ip, but different ports? I suggest setting up two different hostnames.

Russ