As of version 3.0.2p1 and perhaps earlier, localhost forwarded connections are checked in known_hosts. The difficulty is that if you have multiple forwards, only one of them will exist as a valid host key for localhost. All the others will be treated as a "Changed" key prompting reduced functionality including disallowing agent-forwarding. Depending on StrictHostKeyChecking being set, the connections might not be allowed at all.

I suggest that the known host file have a host:port type scheme so a machine running multiple sshd's will respond correctly as well as multiple localforwards.

I note that this problem probably did not present itself since KnownHostKey checkings did not seem to be active for localhost in older versions of openssh.

Bob

On Tue, Jan 08, 2002 at 05:41:57PM -0800, bob-openssh at technogeeks.com wrote:
> As of version 3.0.2p1 and perhaps earlier localhost forwarded connections
> are checked in known_hosts. The difficulty is that if you have multiple
> forwards, only one of them will exist as a valid host key for localhost.

try to read the manpage, check that HostKeyAlias or UserKnownHosts work, and if you really need, use NoHostAuthenticationForLocalhost
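
The HostKeyAlias approach named in the reply, as an added ssh_config example that is not part of either message. The Host names, ports and alias names are constructed for illustration and assume two local forwards already listening on ports 2201 and 2202.

```sshconfig
# ~/.ssh/config (added example; all names and ports below are constructed)

# Each forwarded port gets its own Host entry. HostKeyAlias makes ssh look up
# and store the host key under the alias instead of "localhost", so the two
# tunnel endpoints no longer compete for a single known_hosts entry.
Host db-via-tunnel
    HostName localhost
    Port 2201
    HostKeyAlias db.internal.example

Host web-via-tunnel
    HostName localhost
    Port 2202
    HostKeyAlias web.internal.example

# The last resort from the reply. It turns off host authentication for
# localhost, so the far end of a forward is no longer verified at all.
# Left commented out; the aliases above keep verification per endpoint.
# Host *
#     NoHostAuthenticationForLocalhost yes
```

With the aliases in place, `ssh db-via-tunnel` and `ssh web-via-tunnel` each pin their own key, so a "changed key" warning on either one again indicates a real change at that endpoint.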