> -----Original Message-----
> From: christopher j bottaro [mailto:cjb@;cs.utexas.edu]
> Sent: Wednesday, November 06, 2002 3:11 PM
> To: [EMAIL PROTECTED]
> Subject: Re: two puters running sshd behind a firewall
>
> right, i kinda did the same thing. in /etc/hosts i made two different aliases
> to the same ip address (i.e. my gateway).
> ex:
> compA 66.55.44.33
> compB 66.55.44.33
>
> ssh -p 22 compA
> ssh -p 222 compB
>
> this works, there will be separate keys in known_hosts for compA and compB,
> but ssh will store the key for ip address 66.55.44.33 with host compA
> (because it was created first).
>
> for example, after running those two ssh commands, your known_hosts file will
> look like this:
> compA,66.55.44.33 ssh-rsa <long ass string here>
> compB ssh-rsa <long ass string here>

Yep, this is EXACTLY how it appears in mine, though I don't alias the hosts in my /etc/hosts file, I use a FQDN using different hostnames. In principle, though, either should work the same, as long as you use the host names and not the raw ip (since that's how it's stored in the known_hosts file).

> notice that the ip address is stored with compA. ssh notices this also and
> when you try to connect to compB, ssh will issue a warning...no big deal, i
> can live with that (although if anyone knows a way to turn it off, i'd
> appreciate the info).
>
> christopher

Hmmm... now this, I don't get (and remember, I have three hosts I work this way). I have to accept the key the first time I log in (as you always do) for every host, but after that I don't have any issues.

That said, I may have a reasonable difference (well, maybe not REASONABLE, but it's the way I set up).... I share the keys via all of my internal hosts over NFS mounted shares in order to have a central configuration point. So, my keys for all hosts are the same.... which may be why I don't get the warning.

However, it's JUST a warning, as opposed to the bombing out you were getting and allows you to do what you wanted. I'd never share the same key on multiple systems at work, but I took a "least amount of maintenance" approach at home. I suppose the warning is that you may be seeing a "Man in the Middle attack"?

Bill Ward

--
redhat-list mailing list
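
The warning discussed in this thread can also be handled on the client side with per-host entries in `~/.ssh/config`. The following is an added example, not part of the original messages; it reuses the thread's host names, gateway address and ports, and relies on the standard OpenSSH client options `HostKeyAlias` and `CheckHostIP`.

```sshconfig
# ~/.ssh/config
# Added example: compA, compB, 66.55.44.33 and ports 22/222 are the values
# used in this thread. Both machines sit behind the same gateway address,
# reached through different forwarded ports.

Host compA
    HostName 66.55.44.33
    Port 22
    # Look up and store this machine's key under the name "compA",
    # not under the gateway address.
    HostKeyAlias compA
    # Skip the additional per-IP key lookup: one address legitimately
    # fronts two different host keys in this setup.
    CheckHostIP no

Host compB
    HostName 66.55.44.33
    Port 222
    HostKeyAlias compB
    CheckHostIP no

# StrictHostKeyChecking is deliberately left at its default. A changed key
# for compA or compB is still compared against the key stored under that
# name and is still reported as a host key change.
```

With these entries `ssh compA` and `ssh compB` need neither the `-p` flag nor the /etc/hosts aliases, and each machine's key stays pinned under its own name in known_hosts. Only the per-IP comparison is switched off, so the trade-off is limited to these two hosts rather than applied globally.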