Animalector 06-20-2005 12:08 AM

Multiple Machines behind single Static IP - known_hosts issue
Hi there.
I am running around 10 machines in a network, behind a single fixed IP ADSL connection. All machines are running an embedded Linux operating system. Each machine has been assigned a different ssh listening port, other than standard 22.

I would like to be able to connect to each of these machines from a single remote location.

ssh -p 123 user@111.222.333.444
ssh -p 124 user@111.222.333.444

I have set up public / private key pairs for them all, however, once the first machine has been added to the known_hosts list, all following machines clash. I have tried listing them in /etc/hosts, using names rather than IPs, but they still fail. Is there a way around this?

Thank you

peter_robb 06-20-2005 05:36 AM

Easiest way around this is to only use a name for the destination rather than the ip number.
The ssh client will see the name and not a conflicting ip number in /.ssh/known_hosts
Clear out any existing record in known_hosts..
Place the ip number in /etc/hosts with all the names you wish to use..
xxx.yyy.zzz.nnn server.1 server.2 ws.2203 etc

ssh -p 2201 server.1
ssh -p 2202 server.2
ssh -p 2203 ws.2203

If this setup fails, then the router/firewall between the network and the pcs needs to be improved..

Animalector 06-20-2005 08:06 AM

I did place entries in the /etc/hosts file however, I didn't remove all other entries in known_hosts first, which was the issue. Seems as though there was a conflict with one of the other entries in this file. Thank you for the info...


Animalector 08-16-2005 01:24 AM

Further help required on this one...
For some reason after a good few months of flawless operation, I have run into a new problem.
Symptoms are conflicting entries in /user/.ssh/known_hosts
I am using a listing in the /etc/hosts file as such:

111.222.333.444 NAME1 NAME2 NAME3 NAME4... etc...

now I have removed all entries in the known_hosts file, restarted the sshd, and now when connecting to the systems,
ssh -p PORT_NUM user@NAME1
I get a generated entry in the known_hosts file like so...
NAME1, 111.222.333.444 ssh-rsa 3cn4blahblahblah
whereas the previous entries looked like:
NAME1 ssh-rsa 3cn4blahblahblah
the new entries conflict with the subsequent entries for the other systems since they are associated by name as well as IP.

I'm a bit lost on this one since I have no idea why it started doing this in the first place.

Thanks in advance


peter_robb 08-17-2005 07:26 AM

Something has tried to connect using the ip number..

You may need to keep an original copy of the known_hosts file and replace/rewrite it every couple of weeks..

Animalector 08-17-2005 04:55 PM

Understandable that something may have tried connecting which threw it off.. but why, even after I have removed all entries from known hosts, rebooted, will it not work as before. The thing that really gets me confused is the fact that with the new entries that are being created, it is listing the name associated with the address in hosts, as well as the address. whereas before it was always just the name.



peter_robb 08-17-2005 05:40 PM

It's a good question..

And I can't answer it..

I suspect sshd was upgraded at some point..

I have edited my known_hosts file to remove the ip numbers, and occasionally have to copy it back after an automatic script has used a number to connect. I suspect scp may be the culprit, but I rather manage it than fix it.. :)

Animalector 08-17-2005 06:23 PM

Actually, when I was testing I didn't use scp, I was trying to ssh into one of my systems instead. Come to think of it, I haven't tried an scp to see how that will perform. I predict it will do the same thing however (complain and add name and address together to known_hosts...)


Animalector 08-18-2005 07:01 PM

Ok for those who are interested... The problem was with the /etc/ssh/ssh_config file, there is a line in there "CheckHostIp no" that had been commented out by someone while I was away, which I did not know about.

This line ensures that both hostname and IP are checked when referencing the known_hosts file... and as a result if there is no entry, a name and IP will be written in together.

Thanks for the assistance..
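
An added example, not code from any poster in this thread: a small Python audit of a plain-text known_hosts file that reports host tokens recorded with two different keys of the same type, and the lines where an address was written beside a name (the entry shape described in the 08-16-2005 post). The sample file, the 192.0.2.10 documentation address and the key strings are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample (not from the thread): two machines behind one address,
# with the address recorded beside each name. 192.0.2.10 is a documentation
# address and the key blobs are placeholders.
SAMPLE = """\
# constructed known_hosts sample
NAME1,192.0.2.10 ssh-rsa AAAAKEY1
NAME2,192.0.2.10 ssh-rsa AAAAKEY2
NAME3 ssh-rsa AAAAKEY3
"""

def is_ip(token):
    """True if a host token is an address, bare or in [addr]:port form."""
    if token.startswith("[") and "]" in token:
        token = token[1:token.index("]")]
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def audit(text):
    """Return (clashes, ip_lines) for plain-text known_hosts content.

    clashes:  host tokens recorded with more than one key of the same type
    ip_lines: numbers of the lines whose host field contains an address
    """
    blobs = defaultdict(set)          # (host token, key type) -> key blobs
    ip_lines = []
    for number, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):  # CA / revoked markers: not plain host keys
            continue
        if len(fields) < 3 or fields[0].startswith("|1|"):
            continue                   # malformed or hashed: cannot compare names
        hosts = fields[0].split(",")
        for host in hosts:
            blobs[(host, fields[1])].add(fields[2])
        if any(is_ip(h) for h in hosts):
            ip_lines.append(number)
    clashes = sorted({h for (h, _), keys in blobs.items() if len(keys) > 1})
    return clashes, ip_lines

if __name__ == "__main__":
    clashes, ip_lines = audit(SAMPLE)
    print("hosts with conflicting keys:", clashes)
    print("lines that record an address:", ip_lines)
```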


All times are GMT -5.