Host verification problem

Hadmut Danisch hadmut at danisch.de
Sun May 15 21:59:53 EST 2005


Hi,

I have a problem with the host verification of ssh in several 
networks of the same structure:

In all cases there is a router or a firewall with an official 
IP address, making the ssh-ports of several hosts with
RFC1918-addresses available through NAT or TCP forwarding. 

Thus, different hosts appear on the same IP address, just with
different ports.

Since SSH uses the IP address but not the port to verify the peer
host, ssh always blocks/warns when connecting to a different port
since it detects a changed host key. This means to edit the host key
file every time or to omit host key validation.

Please store the host keys based on hostname/IP and port number. 

regards
Hadmut
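
The lookup behaviour described in this message, as an added Python example that is not part of the original post and is not OpenSSH code: it parses plain known_hosts entries and compares lookup by host only with lookup by host and port, using the `[host]:port` entry form that sshd(8) documents for non-standard ports. The address, ports and key strings are constructed sample values, and the function names are hypothetical.

```python
# Added illustration: known_hosts lookup by host only vs. by host and port.
# The address, ports and key strings are constructed sample values.
KEY_A = "AAAAconstructedKeyOfHostA"   # host behind forwarded port 22
KEY_B = "AAAAconstructedKeyOfHostB"   # host behind forwarded port 2222

KNOWN_HOSTS = f"""\
# constructed sample file
203.0.113.10 ssh-rsa {KEY_A}
[203.0.113.10]:2222 ssh-rsa {KEY_B}
"""

def parse_known_hosts(text):
    """Return (name, keytype, key) tuples for plain, unhashed entries."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, hashed names and @cert-authority/@revoked lines.
        if len(fields) < 3 or fields[0][0] in "#|@":
            continue
        for name in fields[0].split(","):
            entries.append((name, fields[1], fields[2]))
    return entries

def lookup_name(host, port, use_port):
    """Name searched for in known_hosts under each keying scheme."""
    if use_port and port != 22:
        return f"[{host}]:{port}"
    return host

def verify(entries, host, port, keytype, key, use_port):
    """Return 'match', 'mismatch' (changed-key warning) or 'unknown' (first use)."""
    name = lookup_name(host, port, use_port)
    known = [k for n, t, k in entries if n == name and t == keytype]
    if not known:
        return "unknown"
    return "match" if key in known else "mismatch"

if __name__ == "__main__":
    entries = parse_known_hosts(KNOWN_HOSTS)
    for use_port in (False, True):
        result = verify(entries, "203.0.113.10", 2222, "ssh-rsa", KEY_B, use_port)
        print(f"port-aware={use_port}: {result}")
```

With host-only lookup the second forwarded host is reported as a changed key; with host-and-port lookup each forwarded port keeps its own pinned key, and a port not yet seen is treated as a first connection.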







More information about the openssh-unix-dev mailing list