Jimmy Lu wrote: > I have a single public dynamic IP address to my firewall which is > mydomain.dyns.cx. > I added the followings in /etc/shorewall/rules to try it out: > ACTION SOURCE DESTINATION PROTOCOL PORT > DNAT net dmz:192.168.2.1:22 tcp > 1022 > When I issued "ssh mydomain.dyns.cx -p 1022" from my Linux > computer outside > of > the firewall, I got the following errors: > WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! > It is possible that the RSA host key has just been changed.
This is normal ssh behaviour; SSH remembers one public key for each hostname/IP Address, and complains if that key changes. Because it is a sign of a possible man in the middle attack. You use two different keys, so ssh issues the warning. Note that it is not an error, just a warning! Solutions: - Use the same keys for both ssh daemons. The keys are in /etc/ssh/ssh_host_* or - use different hostnames or a hostname alias so ssh stores the keys under different names. Cheers Alex ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
