On Sun, 22 Oct 2000, R Signes wrote:
>I've got a DSL line coming into my house. It goes into a Linux box and
>that box IP masquerades for the rest of the house LAN.
>
>I have sshd running successfully on the masq'er (Router). I also set it
>up on a machine (Ignatius) inside the masquerading firewall and configured
>Router to forward a port to Ignatius' ssh port, so I can connect to
>Ignatius from outside without having first to connect to Router.
>
>This confuses ssh, however. If I'm on another, external machine, and I
>use ssh to connect to Router, it saves that IP with its key in
>$HOME/.ssh/known_hosts -- but if I then use ssh to connect to Ignatius, it
>tries to read the same IP's key.

This sounds like a problem I have. A friend of mine has a web server behind a
firewall, and I ssh in occasionally to update a web page. Port 22 of the
firewall is forwarded to port 22 of the webserver. (No one may log into the
firewall from outside - indeed, the only time anyone even touches it is when
there is network trouble.) I *always* have to type my password when sshing in,
even though my key is on it, I have no trouble sshing to my box, and our setups
are identical as far as ssh goes (openssh-2.1.1p3-1mdk).

SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090581f).
debug: Reading configuration data /etc/ssh/ssh_config
debug: Applying options for *
debug: Seeding random number generator
debug: ssh_connect: getuid 500 geteuid 0 anon 0
debug: Connecting to <snip> port 22.
debug: Seeding random number generator
debug: Allocated local port 878.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.1.1
debug: Local version string SSH-1.5-OpenSSH_2.1.1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
debug: Host <snip> is known and matches the RSA host key.
debug: Seeding random number generator
debug: Encryption type: 3des
debug: Sent encrypted session key.
debug: Installing crc compensation attack detector.
debug: Received encrypted confirmation.
debug: Trying RSA authentication with key <snip>
debug: Server refused our key.
debug: Doing password authentication.
<snip>'s password:
debug: Requesting pty.
debug: Requesting X11 forwarding with authentication spoofing.
debug: Requesting shell.
debug: Entering interactive session.

phma