HI,

I have 2 linux machine at home which are behind NAT router. I forward port 22 and another different port for each of the machine.

Since they are only differentiate by dffferent port, when i ssh from remote, i was prompt that the same IP has different rsa and stop me from login.

I'd like to know other then keep deleting /root/.ssh/known_hosts , anyway i can let ssh client know to tell the diffferent by port number? (so i dont' have to delete that ip entry all the time.)


Thx in advance

Chris

This wouldn't be exactly standard practice in the security circles, but I guess you could make the two systems share the same hosts keys. Don't know if that would work, but you could give it a shot.

On my Debian system these host keys are found in /etc/ssh/ssh_host_* files. Four files total, two for dsa (pub and priv), two for rsa (pub and priv). Pick one system as the master, and copy it's keys over to the other system. Be sure and backup the original keys before overwriting in case you decide this is not a good thing to do and want to restore back to original conditions.

This is the way I see it needs to be setup

machine one:
Static IP and set port to 22 for ssh

machine two:
Static IP different of course and set port to 22 for ssh

Now on the router. Portfoward on the external ip port 22 to machine 1 port 22. Then for the other portfoward on eternal port 23 to machine 2 port 22.

external xxx.xxx.xxx.xxx port 22 to internal machine 1 xxx.xxx.xxx.xxx port 22
external xxx.xxx.xxx.xxx port 23 to internal machine 2 xxx.xxx.xxx.xxx port 22

Or a you can ssh to one internal machine and once logged into that one ssh to the other.

Brian1

I have the exact same problem because I am routinely accessing two different machines on the same LAN behind a router for a client of mine.

The only solution I have found is to use two different user IDs on my machine to access them. Typically I am using my ordinary user name to access one machine (on Port 21) and I am using my root user to access the other machine (on Port 22). Sometimes, depending on what I am doing, I ssh into one machine then ssh from that machine to the other machine to avoid using my root ID, but on those occasions where I have to directly access each machine, that is how I do it.

To make this clear, I have blocked root logins on those machines; I am not logging onto the remote machine as root. On my system, I am opening a shell, su to root, then logging into the remote machine like this: ssh -Y -f user@server xterm.

Since I have two different userIDs in use on my machine, I avoid the rsa problem.