Displaying 3 results from an estimated 3 matches for "bastion2".
2023 Aug 18
1
Host key verification (known_hosts) with ProxyJump/ProxyCommand
...d with "-o ExpectHostKey=?" that tells the SSH
client "ignore your known_hosts file, the host *will* be using this
key". So if you know the public key (e.g. you did a `ssh-keyscan`), you
can either:
put in .ssh/config:

Host mytarget
    Hostname 172.16.1.2
    ProxyJump user2@bastion2
    ExpectHostKey ecdsa-sha2-nistp256 AAAA?=

Host bastion2
    Hostname 192.168.123.45
    ProxyJump user@bastion1
    ExpectHostKey ecdsa-sha2-nistp256 AAAA?=

Host bastion1
    Hostname 10.20.30.40
    ExpectHostKey ecdsa-sha2-nistp256 AAAA?=

OR, you might specify it on the command line (assuming the bastions...
2023 Aug 18
1
Host key verification (known_hosts) with ProxyJump/ProxyCommand
...assume the local IPv4 address is
> unique, since it's not (and in many cases, not even static).
If the IP address is not significant, you can tell ssh to not record
them ("CheckHostIP no").
[...]
> Host mytarget
>     Hostname 172.16.1.2
>     ProxyJump user2@bastion2
I think you just need "HostKeyAlias mytarget" here.
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
2023 Aug 18
1
Host key verification (known_hosts) with ProxyJump/ProxyCommand
On 18/8/23 15:39, Darren Tucker wrote:
>> Host mytarget
>>     Hostname 172.16.1.2
>>     ProxyJump user2@bastion2
> I think you just need "HostKeyAlias mytarget" here.
Ahh, in my scanning through the `ssh_config` manpage, I missed this, and
change logs seem to indicate this feature has been around since at least
2017, so should not cause compatibility issues with the other users.
No problems,...