- Posted on
- Andrew Bashere
January 29, 2004, 2:47 pm
OpenSSH and the commercial SSH. OpenSSH associates a key with a
(hostname,ip) whereas SSH uses a (resolved-hostname,port).
I looked into this as a result of trying to use port-redirection on a
NAT box to reach other machines behind the interface using
SSH/OpenSSH. SSH(client) had no problems accepting the fact that
there are different keys on the same host (at different ports).
OpenSSH identified the man-in-the-middle alright; but then seemed to
want to change the recorded key for the host.
Is there a way to have OpenSSH work more like the commercial SSH with
regards to the port discrimination?
Re: Multiple host signatures connecting in through NAT
Kind of. See the ssh_config man page for HostKeyAlias and CheckHostIP.
Basically, put this into ~/.ssh/config:
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
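
An added illustration of the two options named in the reply above, as a client configuration for the port-redirection setup in the question. It is not the configuration from the original post; the gateway name, ports and alias names are constructed placeholders.

```sshconfig
# ~/.ssh/config
# Assumed setup (constructed): nat-gw.example.com redirects
#   TCP 2201 -> sshd on the first machine behind the NAT box
#   TCP 2202 -> sshd on the second machine behind the NAT box

Host internal-a
    HostName nat-gw.example.com
    Port 2201
    # Look up and save this server's host key under "internal-a"
    # in known_hosts instead of under the gateway's name.
    HostKeyAlias internal-a
    # Do not additionally check the key against the gateway's IP address,
    # which every redirected machine shares.
    CheckHostIP no

Host internal-b
    HostName nat-gw.example.com
    Port 2202
    HostKeyAlias internal-b
    CheckHostIP no
```

With this in place, `ssh internal-a` and `ssh internal-b` each verify against their own known_hosts entry, so a changed key on either machine still triggers the host key warning for that machine only.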