Hi,

I must access several hosts through reverse masquerading gateways which are visible on the Internet under a single IP address, with different ports (2, 22, 222, 2222 etc..) forwarding to port 22 of various internal ssh servers, each with its own hostkey.

This setup totally confuses the openssh client because it does not store the port numbers in the known_hosts* file, and thus falsely detects host key mismatches!!

Is there any hope of resolving this situation soon?

Also, how about supporting the "ssh user@host#port" number syntax, instead of requiring the -p option?

Both issues are handled properly by the ssh.c*m proprietary implementation.

Best regards

Marc

PS: Please Cc: any replies directly to me as I am not on the list.

Marc Boucher wrote:
>
> Also, how about supporting the "ssh user@host#port" number syntax, instead
> of requiring the -p option?

I'd suggest user@host:port to be more in line with established conventions, unless the colon is already being used for something else...

--
John Hardin <johnh at aproposretail.com>
Internal Systems Administrator    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.    fax: (425) 672-0192

John--

I agree that user@host:port would be more in line with other non-ssh uses, but the colon is already magic to scp with a different meaning. If one wants to scp a file to a remote system where ssh is running on an unusual port, then there could be confusion:

scp filename username@host:port:/home/username

To my knowledge, that's why the user@host#port syntax was used in that "other" ssh implementation.

Having said that, I don't see that the -p port option is so onerous as to make it worth implementing the #port method.

--
Rip Loomis
Senior Systems Security Engineer
SAIC Center for Information Security Technology

> -----Original Message-----
> From: John Hardin [mailto:johnh at aproposretail.com]
>
> > Also, how about supporting the "ssh user@host#port" number syntax, instead
> > of requiring the -p option?
>
> I'd suggest user@host:port to be more in line with established
> conventions, unless the colon is already being used for something
> else...
>

"Loomis, Rip" wrote:
>
> John--
> I agree that user@host:port would be more in line with
> other non-ssh uses, but the colon is already magic to scp with
> a different meaning.

I think the context of the suggestion was within the known_hosts file, not on the command line.

--
John Hardin <johnh at aproposretail.com>
Internal Systems Administrator    voice: (425) 672-1304
Apropos Retail Management Systems, Inc.    fax: (425) 672-0192

Btw, I believe the reason for the inconsistency -p and -P is because of compatibility with ssh-rsh scp-rcp

rcp uses -p for something else, so scp cannot use -p.

-rchit

-----Original Message-----
From: Marc Boucher [mailto:marc at mbsi.ca]
Sent: Tuesday, September 04, 2001 5:34 PM
To: Kevin Steves
Cc: openssh-unix-dev at mindrot.org
Subject: Re: openssh and multiple ports

On Tue, Sep 04, 2001 at 04:42:34PM -0700, Kevin Steves wrote:
> On Tue, 4 Sep 2001, Marc Boucher wrote:
> :it's an unnecessary kludge. The user shouldn't have to deal with this.
> :Openssh should do the right thing and differentiate host keys with port
> :numbers along names and addresses.
>
> i think most will agree, however no one has written the code to support
> this. it will happen at some point.

ok

> :> > > Also, how about supporting the "ssh user@host#port" number syntax, instead
> :> > > of requiring the -p option?
> :> >
> :> > I'd suggest user@host:port to be more in line with established
> :> > conventions, unless the colon is already being used for something
> :> > else...
> :
> :I think '#' is better, since it maintains compatibility with the other
> :implementation, and besides, the ':' character is already used in IPv6
> :addresses.
>
> i don't see a good reason to add another way to specify port on the
> ssh command line.

I think it's a matter of taste (I personally find it much more practical and logical to do "scp marc at mbsi.ca#2:/tmp/file dest" than "scp -P 2 marc at mbsi.ca:/tmp/file", which requires that you remember an option letter that isn't even consistent between commands; as ssh uses lowercase '-p') and compatibility with ssh.com's implementation, which has supported this feature for a long time.

Marc
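
Added example, not part of the original thread and not OpenSSH's own code: a minimal Python sketch of the host-key lookup problem described in the first message, comparing a port-blind known_hosts lookup with one keyed on the `[host]:port` form that later OpenSSH releases write for non-default ports. The gateway name gw.example.net, the function names and the key strings are constructed for illustration.

```python
# Added illustration: host names and key strings are constructed samples.
DEFAULT_PORT = 22

def lookup_name(host, port, port_aware):
    """Name under which a server's key is stored and looked up."""
    if port_aware and port != DEFAULT_PORT:
        return f"[{host}]:{port}"      # bracketed form for non-default ports
    return host                        # port-blind: every port shares one name

def parse_known_hosts(text):
    """Map host pattern -> {keytype: key}. Plain entries only: hashed names,
    wildcards and @markers are outside this sketch."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        patterns, keytype, key = fields[:3]
        for name in patterns.split(","):
            table.setdefault(name, {})[keytype] = key
    return table

def check(table, host, port, keytype, key, port_aware):
    """Return 'ok', 'mismatch' or 'unknown' for a key offered by host:port."""
    stored = table.get(lookup_name(host, port, port_aware), {}).get(keytype)
    if stored is None:
        return "unknown"
    return "ok" if stored == key else "mismatch"

# Constructed sample: one gateway address, two internal servers behind it.
KNOWN_HOSTS = """\
# key learned from the server behind port 22
gw.example.net ssh-rsa AAAA_SERVER_A
# key learned from the server behind port 222
[gw.example.net]:222 ssh-rsa AAAA_SERVER_B
"""

def demo():
    t = parse_known_hosts(KNOWN_HOSTS)
    offered = [(22, "AAAA_SERVER_A"), (222, "AAAA_SERVER_B"), (222, "AAAA_OTHER")]
    return {
        aware: [check(t, "gw.example.net", p, "ssh-rsa", k, aware) for p, k in offered]
        for aware in (False, True)
    }

if __name__ == "__main__":
    for aware, results in demo().items():
        print("port-aware" if aware else "port-blind", results)
```

With the port-blind lookup the legitimate server behind port 222 is reported as a mismatch; with the port-aware lookup it verifies, while a key that really differs on that port is still flagged.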