Host verification problem

Darren Tucker dtucker at zip.com.au
Sun May 15 22:30:27 EST 2005


Hadmut Danisch wrote:
[...]
> Since SSH uses the IP address but not the port to verify the peer
> host, ssh always blocks/warns when connecting to a different port
> since it detects a changed host key. This means to edit the host key
> file every time or to omit host key validation.

Or use a HostKeyAlias in your ssh_config, e.g., for hosts "server1" and
"server2" behind ports 2222 and 2223 of "gateway":

Host server1
	Hostname gateway
	Port 2222
	HostKeyAlias server1
Host server2
	Hostname gateway
	Port 2223
	HostKeyAlias server2

> Please store the host keys based on hostname/IP and port number. 

See: http://bugzilla.mindrot.org/show_bug.cgi?id=910

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
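
The check below is an added example, not part of the original post or of OpenSSH: it parses an ssh_config and reports Host blocks that would share one host key entry under the lookup by name without port described in this thread, because they reach different ports of one Hostname without a distinct HostKeyAlias. The parser is simplified (no Match blocks, wildcards or Include), and server3, server4 and gateway2 are constructed sample names.

```python
import re
from collections import defaultdict
# Constructed sample: server1/server2 follow the post; server3/server4 lack an alias.
SAMPLE_CONFIG = """\
Host server1
    Hostname gateway
    Port 2222
    HostKeyAlias server1
Host server2
    Hostname gateway
    Port 2223
    HostKeyAlias server2
Host server3
    Hostname gateway2
    Port 2222
Host server4
    Hostname gateway2
    Port 2223
"""

def parse_hosts(text):
    """Return {Host pattern: {lowercased keyword: value}}; accepts 'Key value' and 'Key=value'."""
    hosts, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            current = hosts.setdefault(value, {})
        elif current is not None:
            current.setdefault(key, value)  # first obtained value wins, as in ssh_config
    return hosts

def lookup_name(pattern, opts):
    """Name the host key is filed under: HostKeyAlias, else Hostname, else the Host name."""
    return opts.get("hostkeyalias") or opts.get("hostname") or pattern

def find_collisions(text):
    """Map lookup name -> Host blocks that share it while using different ports."""
    groups = defaultdict(list)
    for pattern, opts in parse_hosts(text).items():
        groups[lookup_name(pattern, opts)].append((pattern, opts.get("port", "22")))
    return {name: sorted(p for p, _ in members)
            for name, members in groups.items()
            if len({port for _, port in members}) > 1}
```

Each reported group needs its own HostKeyAlias per Host block, as in the server1/server2 configuration above.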




More information about the openssh-unix-dev mailing list