Re: ssh - alternate ports, and host verification

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



dnk wrote:
> I have a centos box that will need to ssh into 2 other centos boxes  
> (with keys). Now one of these boxes is a firewall, and another is a  
> system behind the firewall. I have rules in my firewall to punch into  
> the system behind the FW.
>
> Now if i connect to the IP (sine the public one is shared), anytime i  
> connect to the other system, I get the host verification failed error  
> and have to remove the IP from the known_hosts file.
>
> What is the best (secure) way to get around this? I know i can disable  
> the check, but that is not my preferred way.
>   
There are two ways to do it. The first way is to simply set the host 
keys to be the same on all the boxes (copy the contents of the 
/etc/ssh/*key* files from one box to all of the boxes). The other way is 
to setup separate ssh_config files for each destination with different 
known_host files and invoke ssh as 'ssh -F configfile1 host1', 'ssh -F 
configfile2 host2', etc.

-- 
Benjamin Franz
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux