[Bug 910] known_hosts port numbers

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Aug 6 03:22:50 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=910

           Summary: known_hosts port numbers
           Product: Portable OpenSSH
           Version: 3.7.1p2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: devin.nate at bridgecomm.net


At our sites, we have many situations where we hide many SSH hosts behind a
single IP address, where a Firewall is doing NAT and port forwarding. For
example, we may have 3 hosts (each with different host keys), A, B, and C:

Host A: 1.1.1.1 port 2222
Host B: 1.1.1.1 port 22
Host C: 1.1.1.1 port 2020

Unfortunately, the known_hosts file only records the IP address of the machine,
and therefore if a person connects to host A, accepts the host key, and then
tries to connect to host B or host C they will get a message indicating that the
host key has changed. In our production environment, we force our users to use
strict host key checking, and they don't have direct access to their known_hosts
file.

This bug/feature request is for the inclusion of the port number in the
known_hosts file. I'd recommend in the known_hosts format:

ip.ip.ip.ip:port ...

... where the :port is new, and if not specified defaults to port 22.

Thanks,
Devin Nate
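The port-qualified lookup the report asks for, as an added example that is not OpenSSH's own code: current OpenSSH records non-default ports in known_hosts as `[host]:port` (bare host for port 22), and this Python sketch shows how that form keeps the three NATed hosts apart and why a port-blind lookup yields the "host key changed" result under strict checking. The key blobs are constructed placeholders; hashed and wildcard entries are not handled.

```python
from typing import List, Tuple

# Constructed sample known_hosts: the three NATed hosts from the report, told
# apart by port. Key blobs are placeholders, not real keys.
KNOWN_HOSTS = """\
[1.1.1.1]:2222 ssh-ed25519 AAAA_KEY_A_constructed
1.1.1.1 ssh-ed25519 AAAA_KEY_B_constructed
[1.1.1.1]:2020 ssh-ed25519 AAAA_KEY_C_constructed
"""

def host_pattern(host: str, port: int, port_aware: bool = True) -> str:
    """Name ssh stores for a host: bare host on port 22, [host]:port otherwise.
    port_aware=False reproduces the reported behaviour, where the port is ignored."""
    if port_aware and port != 22:
        return f"[{host}]:{port}"
    return host

def parse_known_hosts(text: str) -> List[Tuple[List[str], str, str]]:
    """Parse 'names keytype key' lines; names may be comma-separated.
    Hashed (|1|...) and wildcard entries are not handled here."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split()
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        entries.append((fields[0].split(","), fields[1], fields[2]))
    return entries

def check_host_key(text: str, host: str, port: int, keytype: str,
                   keydata: str, port_aware: bool = True) -> str:
    """Decide as strict host key checking would: 'match', 'new', or 'CHANGED'."""
    pattern = host_pattern(host, port, port_aware)
    for names, kt, kd in parse_known_hosts(text):
        if pattern in names and kt == keytype:
            return "match" if kd == keydata else "CHANGED"
    return "new"

if __name__ == "__main__":
    # Port-aware lookup: each host is matched against its own recorded key.
    for port, key in ((2222, "AAAA_KEY_A_constructed"), (22, "AAAA_KEY_B_constructed"),
                      (2020, "AAAA_KEY_C_constructed")):
        print(port, check_host_key(KNOWN_HOSTS, "1.1.1.1", port, "ssh-ed25519", key))
    # Port-blind lookup (the reported bug): host C on 2020 is compared against the
    # bare 1.1.1.1 entry, i.e. host B's key, so strict checking reports a change.
    print("port-blind 2020:", check_host_key(KNOWN_HOSTS, "1.1.1.1", 2020,
                                              "ssh-ed25519", "AAAA_KEY_C_constructed",
                                              port_aware=False))
```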


