Christian Kurz
2000-Dec-28 13:31 UTC
Might want to allow different host keys for different ports on same host
Hi,

and here's the next feature request, which sounds interesting. Also I
think I won't need much extra code to add this feature. So what do you
guys think?

> `ssh' with its host key checking is incompatible with the use of
> `redir' to map different ports on a gateway/firewall system to
> different systems behind the firewall.

> For instance, I redirect ports as follows:

>                 |-----------------|
>                 | fw.somesite.com |
>                 |-----------------|
>              -> | port 2224       | -> (port 22) internalhost1.somesite.com
>  Internet    -> | port 2223       | -> (port 22) internalhost2.somesite.com
>              -> | port 2222       | -> (port 22) internalhost3.somesite.com
>                 |-----------------|

> In this case, the following three commands end up on different hosts:

>   ssh -p 2224 fw.somesite.com
>   ssh -p 2223 fw.somesite.com
>   ssh -p 2222 fw.somesite.com

> Thus, there are different host keys, which leads `ssh' to believe that
> the host key has been altered between sessions.

> Would it be possible to save both host/IP as well as portnumber as
> keys in the 'known_hosts' file?

Ciao
     Christian
--
Debian Developer and Quality Assurance Team Member
1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
Markus Friedl
2000-Dec-28 13:36 UTC
Might want to allow different host keys for different ports on same host
the HostKeyAlias option (added yesterday) can be used for this
and similar problems.

On Thu, Dec 28, 2000 at 02:31:14PM +0100, Christian Kurz wrote:
> Hi,
>
> and here's the next feature request, which sounds interesting. Also I
> think I won't need much extra code to add this feature. So what do you
> guys think?
>
> > `ssh' with its host key checking is incompatible with the use of
> > `redir' to map different ports on a gateway/firewall system to
> > different systems behind the firewall.
>
> > For instance, I redirect ports as follows:
>
> >                 |-----------------|
> >                 | fw.somesite.com |
> >                 |-----------------|
> >              -> | port 2224       | -> (port 22) internalhost1.somesite.com
> >  Internet    -> | port 2223       | -> (port 22) internalhost2.somesite.com
> >              -> | port 2222       | -> (port 22) internalhost3.somesite.com
> >                 |-----------------|
>
> > In this case, the following three commands end up on different hosts:
>
> >   ssh -p 2224 fw.somesite.com
> >   ssh -p 2223 fw.somesite.com
> >   ssh -p 2222 fw.somesite.com
>
> > Thus, there are different host keys, which leads `ssh' to believe that
> > the host key has been altered between sessions.
>
> > Would it be possible to save both host/IP as well as portnumber as
> > keys in the 'known_hosts' file?
>
> Ciao
>      Christian
> --
> Debian Developer and Quality Assurance Team Member
> 1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
>
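
Added example, not part of the original thread: a client-side ssh_config fragment applying the HostKeyAlias option to the port-redirect setup described above. The Host nicknames (int1, int2, int3) and the use of the internal host names as alias values are assumptions made for illustration.

```sshconfig
# Added example; the nicknames int1..int3 are hypothetical.
# All three entries connect to the same gateway name on different ports.
# HostKeyAlias sets the name ssh uses to look up and save the host key
# in known_hosts, so each redirected server gets its own entry and a
# key stored for one port is never compared against another server.

Host int1
    HostName fw.somesite.com
    Port 2224
    HostKeyAlias internalhost1.somesite.com

Host int2
    HostName fw.somesite.com
    Port 2223
    HostKeyAlias internalhost2.somesite.com

Host int3
    HostName fw.somesite.com
    Port 2222
    HostKeyAlias internalhost3.somesite.com

# One-off equivalent on the command line:
#   ssh -o HostKeyAlias=internalhost1.somesite.com -p 2224 fw.somesite.com
#
# Strict host key checking stays in force per alias: a changed key on
# internalhost1 is still reported as a mismatch for that alias only.
```

With this in place, `ssh int1` checks the server key against the known_hosts entry for internalhost1.somesite.com instead of fw.somesite.com. The fingerprint shown on first connection should be compared with the key of the internal host behind that port.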