Might want to allow different host keys for different ports on same host
Christian Kurz
shorty at debian.org
Fri Dec 29 00:31:14 EST 2000
Hi,
and here's the next feature request, which sounds interesting. Also I
think I won't need much extra code to add this feature. So what do you
guys think?
> `ssh' with its host key checking is incompatible with the use of
> `redir' to map different ports on a gateway/firewall system to
> different systems behind the firewall.
> For instance, I redirect ports as follows:
> |-----------------|
> | fw.somesite.com |
> |-----------------|
> -> | port 2224 | -> (port 22) internalhost1.somesite.com
> Internet -> | port 2223 | -> (port 22) internalhost2.somesite.com
> -> | port 2222 | -> (port 22) internalhost3.somesite.com
> |-----------------|
> In this case, the following three commands end up on different hosts:
> ssh -p 2224 fw.somesite.com
> ssh -p 2223 fw.somesite.com
> ssh -p 2222 fw.somesite.com
> Thus, there are different host keys, which leads `ssh' to believe that
> the host key has been altered between sessions.
> Would it be possible to save both host/IP as well as portnumber as
> keys in the 'known_hosts' file?
Ciao
Christian
--
Debian Developer and Quality Assurance Team Member
1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
More information about the openssh-unix-dev
mailing list