> -----Original Message-----
> From: Paul Campbell [mailto:seapwc@;halcyon.com]
> Sent: Wednesday, November 06, 2002 12:59 PM
> To: [EMAIL PROTECTED]
> Subject: Re: two puters running sshd behind a firewall
> 
> 
> look for a .ssh directory in your $HOME directory.
> It has a known_hosts file.
> I do rm -rf .ssh

Which is not the solution; this will be recreated when 
he logs in, and he'll still be stuck with only connecting
to one of the machines.

> At 08:50 AM 11/6/02, you wrote:
> >ok,
> >i got computer A running sshd listening for connections on port a, i got
> >computer B running sshd listening for connections on port b.  both are
> >behind a hardware firewall that forwards stuff on port a to computer A and
> >stuff on port b to computer B.  the hardware firewall is also my gateway.
> >lets call my ip address X.
> >
> >now the problem is sshing from a single machine to both computers A and B.
> >consider sshing to computer A:
> >ssh -p a X
> >yes to creating a key in known_hosts for ip address X
> >now if i issue the following command to get into computer B:
> >ssh -p b X
> >ssh bombs out with a failure message about the RSA host key has changed.
> >obviously cuz computers A and B are different machines, but known_hosts has
> >one key entry for both of them (cuz they share the same ip address).
> >
> >what can i do about this?  i don't like having to delete stuff outta
> >known_hosts every time i wanna ssh into a different one of my home computers.
 
The proper answer is to have two different FQDNs pointing to the
same IP, such as foo.bar.com and fee.bar.com which both alias
to fie.bar.com (I.E., your router).

An example of this is to assume the following: suppose you use
Dyndns.org to get yourself a static hostname for a dynamic (but it
doesn't HAVE to be) IP.  You can create two entries, myhome1.dyndns.org
and myhome2.dyndns.org (or, in my case, Ratbert.something.dnsalias.org,
Dilbert.something.dnsalias.org and Dogbert.something.dnsalias.org,
for the three machines I do this to, with something being my own
unique domain name).  Let's say I have (in my case) Ratbert on port
22, Dogbert on port 222, and Dilbert on port 223.

I can then do 
ssh ratbert.something.dnsalias.org
or
ssh -p 222 dogbert.something.dnsalias.org
or
ssh -p 223 dilbert.something.dnsalias.org

and each one has its OWN entry into my local machine's .ssh keyring.

Bill Ward



-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
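
A simplified model of the known_hosts lookup discussed in this thread, as an added example that is not part of the original messages: it shows why two machines reached through one address collide on a single entry and why giving each its own name avoids that. The address, the ports 2201 and 2202 and the key strings are constructed, and the function names are hypothetical; the port_aware switch models the "[host]:port" entry form that known_hosts accepts for non-default ports, which goes beyond what the thread covers.

```python
# Simplified model of the ssh client's known_hosts check (added example).
# The address, ports and key strings below are constructed sample values.
IP = "203.0.113.10"            # stands in for the shared address X
KEY_A = "AAAAconstructedKeyA"  # stands in for computer A's host key
KEY_B = "AAAAconstructedKeyB"  # stands in for computer B's host key


def lookup_name(host, port=22, port_aware=False):
    """Name under which a host key is stored and looked up.

    port_aware=False: only the name given to ssh is used (the thread's case).
    port_aware=True: non-default ports use the "[host]:port" entry form.
    """
    if port_aware and port != 22:
        return f"[{host}]:{port}"
    return host


def check_host_key(known_hosts, name, keytype, key):
    """Return 'match', 'changed' or 'new' for the key a server offers."""
    seen_other = False
    for line in known_hosts.splitlines():
        fields = line.split()
        # Skip blanks, comments, marker lines and hashed entries.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        patterns, ktype, kdata = fields[:3]
        if name not in patterns.split(",") or ktype != keytype:
            continue
        if kdata == key:
            return "match"
        seen_other = True
    return "changed" if seen_other else "new"


def connect(known_hosts, host, port, key, port_aware=False):
    """Simulate one connection; a 'new' key is accepted and recorded."""
    name = lookup_name(host, port, port_aware)
    result = check_host_key(known_hosts, name, "ssh-rsa", key)
    if result == "new":
        known_hosts += f"{name} ssh-rsa {key}\n"
    return result, known_hosts


if __name__ == "__main__":
    kh = ""
    for host, port, key in [(IP, 2201, KEY_A), (IP, 2202, KEY_B),
                            ("myhome1.dyndns.org", 2201, KEY_A),
                            ("myhome2.dyndns.org", 2202, KEY_B)]:
        result, kh = connect(kh, host, port, key)
        print(f"ssh -p {port} {host}: {result}")
```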
