LinuxQuestions.org
Old 02-03-2007, 12:23 PM   #1
yogaboy
Member
 
Registered: Oct 2004
Location: Londinium
Distribution: CentOs 4, OSX Tiger
Posts: 93

Rep: Reputation: 15
OpenSSH - use multiple entries in known_hosts?


Hi,

I've got OpenSSH set up on 2 machines NATed behind 1 router. The router has a static IP and forwards to either of the machines depending on the port used.

eg. slogin yogaboy@xxx.xxx.xxx.xxx -i ~/.ssh/id_rsa_machine1 -p 9000
will go to machine 1
slogin yogaboy@xxx.xxx.xxx.xxx -i ~/.ssh/id_rsa_machine2 -p 9001
will go to machine 2


Unfortunately, the xxx.xxx.xxx.xxx IP address is listed in known_hosts with the key for machine 1, so I can connect to machine 1 ok, but when I connect to machine 2 it obviously returns a different host key than the one listed in known_hosts for that IP.

Any idea how I can list both machines in known_hosts? The only other idea I have is to get the host key from machine 1 and use it on machine 2 as well. I'd prefer not, as it's a blatant hack and would prefer a more standard solution. Else I have to alter known_hosts each time.

Any help is much appreciated.
 
Old 02-03-2007, 01:11 PM   #2
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
You might try putting the hostnames of the computers in your hosts file. Then call ssh using the hostname instead.
This should give you separate entries in the known_hosts file.

You will need to keep the hosts file updated if you don't have a static address of course.
 
Old 02-03-2007, 01:30 PM   #3
yogaboy
Member
 
Registered: Oct 2004
Location: Londinium
Distribution: CentOs 4, OSX Tiger
Posts: 93

Original Poster
Rep: Reputation: 15
Thanks.

I've found 2 other methods as well. One is here http://marc2.theaimsgroup.com/?l=sec...9665608624&w=2

You basically add extra entries for each host in the ssh_config file, more general last. I didn't know that could be done.

I noticed that the hostname wasn't being recorded in my known_hosts file, so I've added the host, the fqdn, the ip and the local ip, all separated by commas, to both entries and now I'm having no problem.

eg
machine1,machine1.example.com,xxx.xxx.xxx.xxx,192.168.0.2 keyhere....
machine2,machine2.example.com,same.ip.as.above,192.168.0.3 keyhere....

Hope this all helps someone. Thanks for the input jschiwal, I appreciate it.
 
Old 02-03-2007, 01:38 PM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
I usually access my desktop with "ssh matrix". Before I wrote the message, I tried "ssh matrix.jesnet". This added a separate line in my ~/ssh/.known_hosts file, even though the key was the same.
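
Added example (not part of any post in this thread): a simplified Python model of plain-text known_hosts matching, showing why the original single-IP entry fails for machine 2, why listing the shared IP on both lines makes the warning go away, and how a per-host name (the ssh_config `HostKeyAlias` option) or a `[host]:port` entry ties each key to one machine. Assumptions: KEY1/KEY2 and 203.0.113.10 are constructed placeholders, and the model ignores hashed entries, CheckHostIP and any client fallback lookups.

```python
import re

# Constructed sample data: KEY1/KEY2 stand in for base64 key blobs and
# 203.0.113.10 (documentation range) stands in for the router's public IP.
ORIGINAL = "203.0.113.10 ssh-rsa KEY1\n"
SHARED_IP = (
    "machine1,machine1.example.com,203.0.113.10,192.168.0.2 ssh-rsa KEY1\n"
    "machine2,machine2.example.com,203.0.113.10,192.168.0.3 ssh-rsa KEY2\n"
)
PORT_BOUND = (
    "[203.0.113.10]:9000 ssh-rsa KEY1\n"
    "[203.0.113.10]:9001 ssh-rsa KEY2\n"
)

def lookup_name(host, port=22, alias=None):
    """Name searched for: HostKeyAlias if set, else host or [host]:port."""
    if alias:
        return alias
    return host if port == 22 else f"[{host}]:{port}"

def pattern_matches(pattern, name):
    """known_hosts patterns allow only '*' and '?' wildcards."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, name) is not None

def line_matches(patterns, name):
    """Comma-separated patterns; a matching '!pattern' vetoes the line."""
    hit = False
    for pat in patterns.split(","):
        if pattern_matches(pat.lstrip("!"), name):
            if pat.startswith("!"):
                return False
            hit = True
    return hit

def check(known_hosts, name, keytype, key):
    """Return 'ok', 'changed' or 'unknown' for the key a server offers."""
    verdict = "unknown"
    for line in known_hosts.splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith(("#", "@", "|")):
            continue  # skip blanks, comments, markers and hashed entries
        patterns, ktype, blob = fields[:3]
        if ktype == keytype and line_matches(patterns, name):
            if blob == key:
                return "ok"  # any matching line with this key is enough
            verdict = "changed"  # same name and type, different key
    return verdict
```

In this model the shared-IP layout accepts either key when the lookup name is the bare IP, so it no longer tells the two machines apart; looking up by alias or by `[host]:port` reports a changed key if machine 1's key shows up where machine 2's is expected.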
 
  

