Might want to allow different host keys for different ports on same host
Markus Friedl
markus.friedl at informatik.uni-erlangen.de
Fri Dec 29 00:36:00 EST 2000
the HostKeyAlias option (added yesterday)
can be used for this and similar problems.
On Thu, Dec 28, 2000 at 02:31:14PM +0100, Christian Kurz wrote:
> Hi,
>
> and here's the next feature request, which sounds interesting. Also I
> think I won't need much extra code to add this feature. So what do you
> guys think?
>
> > `ssh' with its host key checking is incompatible with the use of
> > `redir' to map different ports on a gateway/firewall system to
> > different systems behind the firewall.
>
> > For instance, I redirect ports as follows:
>
> >              |-----------------|
> >              | fw.somesite.com |
> >              |-----------------|
> >           -> | port 2224       | -> (port 22) internalhost1.somesite.com
> > Internet  -> | port 2223       | -> (port 22) internalhost2.somesite.com
> >           -> | port 2222       | -> (port 22) internalhost3.somesite.com
> >              |-----------------|
>
>
> > In this case, the following three commands end up on different hosts:
>
> > ssh -p 2224 fw.somesite.com
> > ssh -p 2223 fw.somesite.com
> > ssh -p 2222 fw.somesite.com
>
> > Thus, there are different host keys, which leads `ssh' to believe that
> > the host key has been altered between sessions.
>
> > Would it be possible to save both host/IP as well as portnumber as
> > keys in the 'known_hosts' file?
>
> Ciao
> Christian
> --
> Debian Developer and Quality Assurance Team Member
> 1024/26CC7853 31E6 A8CA 68FC 284F 7D16 63EC A9E6 67FF 26CC 7853
>
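
Added example, not part of the original message or of the OpenSSH sources: a client configuration sketch showing how the HostKeyAlias option mentioned in the reply can be applied to the port mapping quoted above. The `Host` labels are assumptions chosen for illustration; the host names and ports are the ones from the quoted request.

```sshconfig
# ~/.ssh/config (constructed example)
#
# All three entries connect to the same gateway, fw.somesite.com, but each
# forwarded port ends at a different internal machine with its own host key.
# HostKeyAlias makes ssh save and look up the host key under the alias
# instead of the name it actually connects to, so each internal machine
# gets its own known_hosts entry and the keys no longer collide.

Host internalhost1
    HostName fw.somesite.com
    Port 2224
    HostKeyAlias internalhost1.somesite.com

Host internalhost2
    HostName fw.somesite.com
    Port 2223
    HostKeyAlias internalhost2.somesite.com

Host internalhost3
    HostName fw.somesite.com
    Port 2222
    HostKeyAlias internalhost3.somesite.com

# With this in place, "ssh internalhost1" connects to fw.somesite.com:2224
# and verifies the key stored under internalhost1.somesite.com.
# A changed-key warning for one alias then refers to that one internal
# machine only, so host key checking stays enabled and meaningful.
```

The same option can be given on the command line, for example `ssh -p 2224 -o HostKeyAlias=internalhost1.somesite.com fw.somesite.com`.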