Re: [uug] ssh paranoia

Hans Fugal Wed, 22 Oct 2003 06:53:16 -0700

What you really want:

Host foo
    Hostname Q
    Port 8001
    HostKeyAlias foo
Host bar
    Hostname Q
    Port 8002
    HostKeyAlias bar


etc.

* Frank Sorenson [Tue, 21 Oct 2003 at 20:45 -0600]
<quote>
> On Tue, 21 Oct 2003, Ross Werner said:
> > Hey all,
> > 
> > Let's say box Q is visible to the Internet, acting as a firewall, and port
> > forwarding various ports to a dozen boxes behind a firewall. Hence if I
> > 
> > ssh -p 8001 Q
> > I get firewalled box one,
> > ssh -p 8002 Q
> > I get firewalled box two,
> > ssh -p 8003 Q
> > I get firewalled box three,
> > 
> > and so forth. Unfortunately, ssh remembers what the RSA key was for my
> > last session with Q, and keeps giving me all these "IT IS POSSIBLE THAT
> > SOMEONE IS DOING SOMETHING NASTY!" errors, forcing me to go in and delete
> > the key out of ~/.ssh/known_hosts.
> > 
> > My question is: is there a way to store multiple keys in
> > ~/.ssh/known_hosts, so that ssh won't whine at me every time I want to
> > connect to a different host through a different port on the same machine
> > Q?
> 
> You should be able to add something to your ssh config file 
> (~/.ssh/config) like this:
> 
> Host Q
>       StrictHostKeyChecking no
> 
> You might also want to read more in "man ssh_config".  There may be more 
> options that might help (CheckHostIP??).
> 
> Not exactly related, but I've also found some fun stuff in the sshd_config 
> manpage.  One of my favorites is ClientAliveInterval!  No more dropped 
> connections when idling from behind a NAT connection!
> 
> Frank
> ---------------------------------------------------------------------------
> Frank Sorenson - KD7TZK
> CSR Computer Science Department
> Brigham Young University
> [EMAIL PROTECTED]
> 
> 
> ____________________
> BYU Unix Users Group 
> http://uug.byu.edu/ 
> ___________________________________________________________________
> List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list
</quote>

-- 
 Hans Fugal                 | De gustibus non disputandum est.
 http://hans.fugal.net/     | Debian, vim, mutt, ruby, text, gpg
 http://gdmxml.fugal.net/   | WindowMaker, gaim, UTF-8, RISC, JS Bach
---------------------------------------------------------------------
GnuPG Fingerprint: 6940 87C5 6610 567F 1E95  CB5E FC98 E8CD E0AA D460

pgp00000.pgp
Description: PGP signature

____________________
BYU Unix Users Group 
http://uug.byu.edu/ 
___________________________________________________________________
List Info: http://uug.byu.edu/cgi-bin/mailman/listinfo/uug-list

Re: [uug] ssh paranoia

Reply via email to