LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 05-20-2006, 03:57 AM   #1
taiwf
Member
 
Registered: Jun 2005
Distribution: debian, ubuntu, redhat,knoppix
Posts: 194

Rep: Reputation: 31
SSH RSA key problem


HI,

I have 2 linux machine at home which are behind NAT router. I forward port 22 and another different port for each of the machine.

Since they are only differentiate by dffferent port, when i ssh from remote, i was prompt that the same IP has different rsa and stop me from login.

I'd like to know other then keep deleting /root/.ssh/known_hosts , anyway i can let ssh client know to tell the diffferent by port number? (so i dont' have to delete that ip entry all the time.)


Thx in advance

Chris
 
Old 05-20-2006, 09:34 AM   #2
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD
Posts: 1,995

Rep: Reputation: 292Reputation: 292Reputation: 292
This wouldn't be exactly standard practice in the security circles, but I guess you could make the two systems share the same hosts keys. Don't know if that would work, but you could give it a shot.

On my Debian system these host keys are found in /etc/ssh/ssh_host_* files. Four files total, two for dsa (pub and priv), two for rsa (pub and priv). Pick one system as the master, and copy it's keys over to the other system. Be sure and backup the original keys before overwriting in case you decide this is not a good thing to do and want to restore back to original conditions.
 
Old 05-21-2006, 02:07 PM   #3
Brian1
Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 61
This is the way I see it needs to be setup

machine one:
Static IP and set port to 22 for ssh

machine two:
Static IP different of course and set port to 22 for ssh

Now on the router. Portfoward on the external ip port 22 to machine 1 port 22. Then for the other portfoward on eternal port 23 to machine 2 port 22.

external xxx.xxx.xxx.xxx port 22 to internal machine 1 xxx.xxx.xxx.xxx port 22
external xxx.xxx.xxx.xxx port 23 to internal machine 2 xxx.xxx.xxx.xxx port 22

Or a you can ssh to one internal machine and once logged into that one ssh to the other.

Brian1
 
Old 05-21-2006, 09:33 PM   #4
jiml8
Senior Member
 
Registered: Sep 2003
Posts: 3,171

Rep: Reputation: 114Reputation: 114
I have the exact same problem because I am routinely accessing two different machines on the same LAN behind a router for a client of mine.

The only solution I have found is to use two different user IDs on my machine to access them. Typically I am using my ordinary user name to access one machine (on Port 21) and I am using my root user to access the other machine (on Port 22). Sometimes, depending on what I am doing, I ssh into one machine then ssh from that machine to the other machine to avoid using my root ID, but on those occasions where I have to directly access each machine, that is how I do it.

To make this clear, I have blocked root logins on those machines; I am not logging onto the remote machine as root. On my system, I am opening a shell, su to root, then logging into the remote machine like this: ssh -Y -f user@server xterm.

Since I have two different userIDs in use on my machine, I avoid the rsa problem.

Last edited by jiml8; 05-21-2006 at 09:39 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Which is better RSA or DSA public key? tarballedtux Linux - Security 12 02-03-2009 06:15 AM
failed ssh RSA key authentication jdarren Linux - Networking 15 07-06-2008 10:25 AM
ssh rsa key changed after upgrade itsjustme Linux - General 11 11-06-2003 09:12 AM
ssh RSA key thanat0s Linux - Security 3 09-29-2003 09:51 PM
RSA public key encryption/private key decription koningshoed Linux - Security 1 08-08-2002 07:25 AM


All times are GMT -5. The time now is 11:03 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration