[patch] known hosts with ports

m.lavy m.lavy at jesus.cam.ac.uk
Wed Aug 29 01:09:44 EST 2001


Hello. We are currently installing a new firewall, and would like to use a 
mixture of NAT and port mapping to have a single "gateway" host address 
which exposes a range of open ports, each of which maps to sshd of a 
different host in our internal network (e.g. ssh.jesus.cam.ac.uk on port 
6789 maps to internal host1 port 22 whereas ssh.jesus.cam.ac.uk on port 6790 
maps to internal host2 port 22).

There is a problem here: client A connects on port 6789 and reaches host1 
successfully; he saves the host key (which ssh client sees as the host key 
for ssh.jesus.cam.ac.uk) in known_hosts. He then connects on port 6790, but 
on connection will be warned that the host key has changed, because he will 
be connecting to a host that LOOKS as though it is the same as host1, even 
though it is not the same in reality. 

I don't know if this is a problem that anyone else has faced, or if 
attempting to solve it is a particularly good idea. However, my solution has 
been to patch the ssh client so that it looks up known hosts by host AND 
PORT. I've patched main() in ssh.c because that seemed the cleanest place to 
do it without making lots of code changes. Patch is attached to this mail. 
I'd be grateful for thoughts on whether this is a sane approach to the 
problem; anyone please feel free to use the patch under the BSD licence. 

Apologies if this is not an appropriate list for the mailing. 

Regards, 

Matthew 

 --
Matthew M Lavy MA MPhil ARCM LTCL
Technical Systems Developer
Jesus College, Cambridge CB5 8BL
Tel: 01223 339944 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssh-client.diff
Type: application/octet-stream
Size: 406 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010828/88fe21ae/attachment.obj 
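As an added illustration of the lookup the post proposes (example code, not the author's scrubbed ssh.c patch): a known_hosts lookup keyed by host and port beside the port-blind one that produces the spurious "host key changed" warning, using the `[host]:port` naming that OpenSSH later adopted for non-default ports. The entries and key strings are constructed placeholders, and port 22 is assumed to be the only port filed under the bare hostname.

```python
# Added example (not the author's ssh.c patch): known_hosts lookup keyed by host
# AND port, beside the port-blind lookup; entries and keys are constructed.
from dataclasses import dataclass

DEFAULT_PORT = 22  # assumption: only non-default ports get a port-qualified name

@dataclass
class Entry:
    names: tuple   # hostname patterns, e.g. "host" or "[host]:6789"
    keytype: str
    key: str

def parse_known_hosts(text):
    """Parse 'name[,name...] keytype key' lines; blank, comment and hashed
    (|1|...) lines are skipped, hashing being out of scope here."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#|":
            continue
        names, keytype, key = line.split()[:3]
        entries.append(Entry(tuple(names.split(",")), keytype, key))
    return entries

def lookup_name(host, port, port_aware):
    """Name this destination is filed and looked up under.  port_aware=False is
    the behaviour the post describes (every gateway port collapses onto the bare
    hostname); port_aware=True uses the [host]:port form for non-default ports."""
    if port_aware and port != DEFAULT_PORT:
        return f"[{host}]:{port}"
    return host

def learn(entries, host, port, keytype, key, port_aware=True):
    """Record a key on first contact, as the client does once the user accepts it."""
    entries.append(Entry((lookup_name(host, port, port_aware),), keytype, key))

def check_host_key(entries, host, port, keytype, presented, port_aware=True):
    """Return 'match', 'changed' or 'unknown' for the key a server presents."""
    name = lookup_name(host, port, port_aware)
    for e in entries:
        if e.keytype == keytype and name in e.names:
            return "match" if e.key == presented else "changed"
    return "unknown"

def replay_scenario(port_aware):
    """Client A accepts host1's key on port 6789, then reaches host2 on 6790."""
    gw, entries = "ssh.jesus.cam.ac.uk", []
    learn(entries, gw, 6789, "ssh-rsa", "KEY-host1", port_aware)
    return check_host_key(entries, gw, 6790, "ssh-rsa", "KEY-host2", port_aware)
```

With the port-blind lookup the second connection reports "changed" (the false alarm from the post); with the port-aware lookup it reports "unknown", so the user is asked to accept host2's key instead, while a genuinely different key on an already-known port is still flagged.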

