logging into port-forwarded ssh confuses certs

I use redir (http://sammy.net/~sammy/hacks/)
to map ssh ports from behind my firewall, onto
the firewall -- so I can log into the interior machine from outside,
via "ssh -p <port> my.firewall.com".
(redir works well.)

This causes confusion in the "known_hosts" file on the client side,
because the cert associated with the interior machine doesn't match
that of my.firewall.com.

Is there a Canonical fix to this problem?  Or a hack?
Or maybe a kludge?  I'd rather not use the same cert for
all the machines -- that would qualify maybe as a bandaid?


Re: logging into port-forwarded ssh confuses certs

HostKeyAlias.  Put something like this into the client config:

Host internal.firewall.com
    Hostname my.firewall.com
    Port <port>
    HostKeyAlias internal.firewall.com

Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
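
Added example, not part of the thread or of the reply above: a small check that reads a client config and reports Host blocks that would verify different forwarded machines against the same known_hosts name because HostKeyAlias is missing. The host names, ports and function names are constructed for illustration, and it assumes, as in the question, that the client looks keys up by host name alone.

```python
import re
from collections import defaultdict

# Constructed sample client config: three interior machines reached through
# forwarded ports on my.firewall.com (names and ports are made up).
SAMPLE_CONFIG = """\
Host web.internal
    Hostname my.firewall.com
    Port 2201
    HostKeyAlias web.internal

Host db.internal
    Hostname my.firewall.com
    Port 2202

# same firewall again, written in the Keyword = value form
Host mail.internal
    HostName = my.firewall.com
    Port 2203
"""

def parse_host_blocks(text):
    """Return {host pattern: {lowercased keyword: value}} per Host block."""
    blocks, current = {}, None
    for raw in text.splitlines():
        # ssh_config accepts both "Keyword value" and "Keyword=value"
        m = re.match(r"(\S+?)\s*[=\s]\s*(.*)", raw.strip())
        if not m or m.group(1).startswith("#"):
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "host":
            current = blocks.setdefault(value, {})
        elif key == "match":
            current = None                   # Match blocks are not handled here
        elif current is not None:
            current.setdefault(key, value)   # first value obtained wins
    return blocks

def forwarded_key_conflicts(text):
    """Return {known_hosts name: [Host patterns]} for names shared by >1 block."""
    by_name = defaultdict(list)
    for pattern, opts in parse_host_blocks(text).items():
        target = opts.get("hostname", pattern)
        # HostKeyAlias is used instead of the real host name for the lookup.
        # Assumption: lookup is by name only, the port is not part of it.
        by_name[opts.get("hostkeyalias", target)].append(pattern)
    return {n: sorted(p) for n, p in by_name.items() if len(p) > 1}

if __name__ == "__main__":
    print(forwarded_key_conflicts(SAMPLE_CONFIG))
```

Each Host pattern it reports needs its own HostKeyAlias line, as in the reply above.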