Old 09-11-2006, 02:36 PM   #16
Senior Member
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Original Poster
Rep: Reputation: 49

That's a great solution, Lotharster. But IMHO, since it is probably pretty common to ssh into many machines sharing the same IP, it has got to be possible to rewrite ssh to store fingerprints using an IP/port combination as the unique identifier instead of just the IP as it is now. Or are there any security reasons against making ssh "nat-aware" that I am missing?

Again, thanks for your workaround.
Old 09-12-2006, 04:38 PM   #17
Registered: Nov 2005
Posts: 144

Rep: Reputation: 18
Just mail the ssh developers and ask them about that. As far as I know, that should not be a security risk. But I'm no expert there.
Old 09-12-2006, 08:19 PM   #18
Senior Member
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Original Poster
Rep: Reputation: 49
Yeah I guess I could do that. But I am surprised that they haven't already done it, if there isn't a big reason why not to. But it won't hurt to ask. :)
Old 10-09-2006, 09:16 AM   #19
Arne de Bruijn
LQ Newbie
Registered: Oct 2006
Posts: 1

Rep: Reputation: 0
There is another solution with the HostKeyAlias and CheckHostIP config keywords.

If you have in your ~/.ssh/config file the lines:
Host A
  Port 2201
  HostKeyAlias A
  CheckHostIP no
Host B
  Port 2202
  HostKeyAlias B
  CheckHostIP no
the host key fingerprint will be stored under the name specified with HostKeyAlias (A/B), so you can use ssh A and ssh B without conflicts.
Old 02-26-2008, 06:03 AM   #20
LQ Newbie
Registered: Feb 2008
Posts: 3

Rep: Reputation: 0
Originally Posted by Ephracis

I have a network with several clients running sshd. I have a different port pointing to port 22 on each client. I was just wondering if there is any way to cope with the hassle of the RSA key fingerprint in this situation. Whenever I ssh from the outside to a different machine within the network, I have to manually remove ~/.ssh/known_hosts before sshing to the client behind the firewall.

Any ideas?

Assuming ports 22221, 22222, etc., are redirected to several different hosts:

# GATEWAY_HOST: placeholder for the gateway's public name or address
ssh-keyscan -t rsa -p 22221 GATEWAY_HOST >> ~/.ssh/known_hosts
ssh-keyscan -t rsa -p 22222 GATEWAY_HOST >> ~/.ssh/known_hosts
ssh-keyscan -t rsa -p 22223 GATEWAY_HOST >> ~/.ssh/known_hosts

I had this problem this morning and decided to solve it; I found this old discussion. It's never too late to give the right answer :-)
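
The two fixes in this thread, HostKeyAlias (post #19) and per-port entries (post #20), both work by changing the name a host key is filed under in known_hosts. The sketch below is an added example, not part of any post and not OpenSSH's code: a simplified Python model of that lookup, in which `gw.example.org`, the key strings and all function names are constructed for illustration, and `[host]:port` is the form current OpenSSH uses for non-default ports.

```python
# Added example: simplified model of known_hosts lookup (not OpenSSH code).
# Plain entries only; hashed names, wildcards and @markers are not handled.

def lookup_name(host, port=22, host_key_alias=None):
    """Name the key is filed under: the alias, the host, or [host]:port."""
    if host_key_alias:
        return host_key_alias
    return host if port == 22 else f"[{host}]:{port}"

def parse_known_hosts(text):
    """Map each listed name to the set of (keytype, key) pairs stored for it."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#|@":
            continue  # blank, comment, hashed or marker line: out of scope
        for name in fields[0].split(","):
            entries.setdefault(name, set()).add((fields[1], fields[2]))
    return entries

def check_host_key(entries, name, keytype, key):
    """Return 'match', 'mismatch' (stored key differs) or 'unknown'."""
    stored = {k for t, k in entries.get(name, ()) if t == keytype}
    if not stored:
        return "unknown"
    return "match" if key in stored else "mismatch"

# Constructed sample data: one gateway name, two machines (A and B) behind it.
GW = "gw.example.org"
KEY_A = "AAAAB3NzaC1yc2E-constructed-key-A"
KEY_B = "AAAAB3NzaC1yc2E-constructed-key-B"
HOST_ONLY = f"{GW} ssh-rsa {KEY_A}\n"            # keyed by host name alone
PER_PORT = (f"[{GW}]:22221 ssh-rsa {KEY_A}\n"    # keyed by host and port
            f"[{GW}]:22222 ssh-rsa {KEY_B}\n")
PER_ALIAS = f"A ssh-rsa {KEY_A}\nB ssh-rsa {KEY_B}\n"  # keyed by HostKeyAlias

def demo():
    """Verdict for machine B's key under each naming scheme."""
    schemes = {
        "host only": (HOST_ONLY, lookup_name(GW)),
        "per port": (PER_PORT, lookup_name(GW, 22222)),
        "alias": (PER_ALIAS, lookup_name(GW, 2202, "B")),
    }
    return {label: check_host_key(parse_known_hosts(text), name, "ssh-rsa", KEY_B)
            for label, (text, name) in schemes.items()}

if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:10} -> {verdict}")
```

A "mismatch" under a per-port or per-alias name still signals a changed key for that one machine, so the warning keeps its value once the false alarms are gone.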


