Thanks to Alex Rhomberg and Ray Olszewski. My problem has solved! I copied ssh_host_* files from /etc/ssh of my firewall to my 192.168.2.1 as suggested by Alex and I issued "ssh mydomain.dyns.cx -p 1022" from a computer outside of my firewall. Hurray, I could log in to 192.168.2.1 now. This is great! Thanks again for your help. Jimmy
----- Original Message ----- From: "Alex Rhomberg" <[EMAIL PROTECTED]> To: "Jimmy Lu" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Wednesday, January 28, 2004 2:52 PM Subject: RE: [leaf-user] how to ssh host behind Bering firewall? > Jimmy Lu wrote: > > I have a single public dynamic IP address to my firewall which is > > mydomain.dyns.cx. > > I added the followings in /etc/shorewall/rules to try it out: > > ACTION SOURCE DESTINATION PROTOCOL PORT > > DNAT net dmz:192.168.2.1:22 tcp > > 1022 > > When I issued "ssh mydomain.dyns.cx -p 1022" from my Linux > > computer outside > > of > > the firewall, I got the following errors: > > WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! > > It is possible that the RSA host key has just been changed. > > This is normal ssh behaviour; SSH remembers one public key for each > hostname/IP Address, and complains if that key changes. Because it is a sign > of a possible man in the middle attack. You use two different keys, so ssh > issues the warning. Note that it is not an error, just a warning! > > Solutions: > - Use the same keys for both ssh daemons. The keys are in > /etc/ssh/ssh_host_* > or > - use different hostnames or a hostname alias so ssh stores the keys under > different names. > > Cheers > Alex > ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
