Re: SSH to one address, different ports, different hosts
Ben Scott writes:
> Anyone else have thoughts or ideas to offer?

ssh client doesn't mind if there is more than one entry for a given host in the known_hosts file. Because of this you can simply manually edit the known_hosts file to have multiple entries (one for each actual host) all with the same hostname. ssh client won't do this automatically, but once you know the public keys for each host you can then edit the file and add all of them. Once you add them all it will accept any of them for that hostname.

Example:

    some.host.com ssh-rsa KEY-TEXT-FOR-HOST-1.
    some.host.com ssh-rsa KEY-TEXT-FOR-HOST-2.

You can then ssh to some.host.com on some port and ssh client will accept EITHER key listed in the file.

--
Dave
___
gnhlug-discuss mailing list
gnhlug-discuss@mail.gnhlug.org
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
Re: SSH to one address, different ports, different hosts
On Mar 11, 2007, at 9:59 AM, Ben Scott wrote:
> For now, I've written two stanzas in my $HOME/.ssh/config file, one for each box, and used the "UserKnownHosts" directive to assign different known_hosts files to each. So "ssh homegw" uses "$HOME/.ssh/homegw.known_hosts" and "ssh blackfire" uses "$HOME/.ssh/blackfire.known_hosts", and everything else uses the default.
>
> Anyone else have thoughts or ideas to offer?

I do something similar. I just have different host stanzas in my .ssh/config file with ports listed like this:

    host my.home.com
        hostname my.home.com
        port 3

    host linuxbox
        hostname linuxbox.home.com
        port 2223

This also has the advantage of being able to type "ssh linuxbox" instead of "ssh -p 2223 my.home.com".

That took care of the multiple known_hosts entries for the same host for me. Hope that helps.

- Chris
Re: SSH to one address, different ports, different hosts
On Sun, 2007-03-11 at 11:59 -0400, Ben Scott wrote:
> Hello, world.
>
> So anyway, I finally got around to installing the OpenWRT firmware
> on my LinkSys WRT54G box today (a remarkably easy and painless
> process, BTW).

I agree, that was much easier than I feared it would be. Just did it here. And my pared down config had enough pieces to still work.

-dl
Re: SSH to one address, different ports, different hosts
On 3/11/07, Bruce Dawson <[EMAIL PROTECTED]> wrote:
>> So I now have two completely different boxes (LinkSys WRT54G, and my Dell PC) appearing to the world on a single IP address.
>
> The known_hosts file can have a comma-separated list of hosts in the first field.

Hmmm. That just lets me have multiple IP addresses for the same key, right? I've got the opposite problem: Multiple keys for the same IP address.

Hmmm, I wonder what would happen if I just cat'ed the two known_hosts files together... ah-hah! That appears to have worked! I've now got a known_hosts file with two lines which contain the same DNS name and IP address, but different public keys. ssh appears to be happy with either host/port now (it presumably tries each matching line until it finds a key that works, or falls off the end of the file and fails).

> You can also turn off StrictHostKeyChecking (but I haven't tried this).

The man page suggests that just prevents new host keys from being added to the known_hosts file; it doesn't actually turn *off* host key checking. At least, that's my interpretation.

-- Ben
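
[Added example, not part of any poster's message.] A small audit for the situation Dave and Ben describe above, where one name in known_hosts is pinned to more than one key and ssh accepts any of them. It lists every name that has several keys of the same type; the sample file, the address 192.0.2.10 and the key text are constructed placeholders.

```python
from collections import defaultdict

# Constructed sample: the merged known_hosts layout described in the thread.
# Host names, the IP address and the key text are placeholders, not real keys.
SAMPLE = """\
# merged from two per-host files
some.host.com,192.0.2.10 ssh-rsa KEY-TEXT-FOR-HOST-1
some.host.com,192.0.2.10 ssh-rsa KEY-TEXT-FOR-HOST-2
other.host.com ssh-rsa KEY-TEXT-FOR-HOST-3 comment
other.host.com ssh-ed25519 KEY-TEXT-FOR-HOST-3B
@revoked gone.host.com ssh-rsa KEY-TEXT-OLD
|1|SALT|HASH ssh-rsa KEY-TEXT-HASHED
"""


def parse_known_hosts(text):
    """Yield (marker, [host patterns], key type, key text) for each entry."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        fields = line.split()
        # Optional leading marker such as @cert-authority or @revoked.
        marker = fields.pop(0) if fields[0].startswith("@") else None
        if len(fields) < 3 and not (len(fields) == 3):
            continue  # malformed entry: need hosts, key type and key
        yield marker, fields[0].split(","), fields[1], fields[2]


def names_with_multiple_keys(text):
    """Return {(name, key type): sorted keys} for names pinned to >1 key."""
    pinned = defaultdict(set)
    for marker, hosts, ktype, key in parse_known_hosts(text):
        if marker is not None:
            continue  # marker lines are not ordinary host key pins
        for host in hosts:
            if host.startswith("|1|"):
                continue  # hashed name: cannot be grouped by hostname
            pinned[(host, ktype)].add(key)
    return {k: sorted(v) for k, v in pinned.items() if len(v) > 1}


if __name__ == "__main__":
    found = names_with_multiple_keys(SAMPLE)
    for (host, ktype), keys in sorted(found.items()):
        print(f"{host} ({ktype}): {len(keys)} keys accepted")
```

Every name it reports is one where a server presenting any of the listed keys passes host key verification, so the output is worth reviewing after merging known_hosts files.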
Re: SSH to one address, different ports, different hosts
Ben Scott wrote:
> Hello, world.
>
> So anyway, I finally got around to installing the OpenWRT firmware on my LinkSys WRT54G box today (a remarkably easy and painless process, BTW). I set-up SSH on said box to listen on a non-standard port and opened the firewall to that. This lets me SSH directly into the router -- useful to try and figure out why my "real computer" is not responding when I attempt to SSH into *it*.
>
> So I now have two completely different boxes (LinkSys WRT54G, and my Dell PC) appearing to the world on a single IP address.
>
> The problem is, when I use OpenSSH's "ssh" to connect to the second box, it screams bloody murder that the host key has changed and refuses to connect. Partial extract:
>
>     WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
>     Host key verification failed.
>
> That is, of course, by design. The normal assumption is one-to-one between IP addresses and hosts. So a different host key from the same IP address is normally a Bad Thing. But in this case, the first assumption is invalid -- I have multiple hosts at one IP address.
>
> Ideally, there would be some way to make ssh identify hosts not just by IP address, but by IP-address:port combinations. I didn't see one.
>
> For now, I've written two stanzas in my $HOME/.ssh/config file, one for each box, and used the "UserKnownHosts" directive to assign different known_hosts files to each. So "ssh homegw" uses "$HOME/.ssh/homegw.known_hosts" and "ssh blackfire" uses "$HOME/.ssh/blackfire.known_hosts", and everything else uses the default.
>
> Anyone else have thoughts or ideas to offer?

The known_hosts file can have a comma-separated list of hosts in the first field.

You can also turn off StrictHostKeyChecking (but I haven't tried this).

I don't think openssh (yet) provides the ability to match on port numbers.

--Bruce
SSH to one address, different ports, different hosts
Hello, world.

So anyway, I finally got around to installing the OpenWRT firmware on my LinkSys WRT54G box today (a remarkably easy and painless process, BTW). I set-up SSH on said box to listen on a non-standard port and opened the firewall to that. This lets me SSH directly into the router -- useful to try and figure out why my "real computer" is not responding when I attempt to SSH into *it*.

So I now have two completely different boxes (LinkSys WRT54G, and my Dell PC) appearing to the world on a single IP address.

The problem is, when I use OpenSSH's "ssh" to connect to the second box, it screams bloody murder that the host key has changed and refuses to connect. Partial extract:

    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
    Host key verification failed.

That is, of course, by design. The normal assumption is one-to-one between IP addresses and hosts. So a different host key from the same IP address is normally a Bad Thing. But in this case, the first assumption is invalid -- I have multiple hosts at one IP address.

Ideally, there would be some way to make ssh identify hosts not just by IP address, but by IP-address:port combinations. I didn't see one.

For now, I've written two stanzas in my $HOME/.ssh/config file, one for each box, and used the "UserKnownHosts" directive to assign different known_hosts files to each. So "ssh homegw" uses "$HOME/.ssh/homegw.known_hosts" and "ssh blackfire" uses "$HOME/.ssh/blackfire.known_hosts", and everything else uses the default.

Anyone else have thoughts or ideas to offer?

-- Ben