On Sun, 2010-03-21 at 17:03 +0100, Niki Kovacs wrote:
> Ned Slider wrote:
> >
> > Choose a random unused high port number (above 1023)
> >
> > http://www.iana.org/assignments/port-numbers.
> >
> >> 2) How do I configure these different ports ? By that, I mean : how do I
> >> tell SSH to use them instead of port 22 ?
> >>
> >
> > http://wiki.centos.org/HowTos/Network/SecuringSSH#head-3579222198adaf43a3ecbdc438ebce74da40d8ec
>
> Thanks, that helped. I sort of managed to configure different SSH ports
> for the two machines. Now I'm facing another quite unexpected problem.
> Let me try to describe what's going on.
>
> Machine number 1 (bernadette) is 192.168.1.2. I reconfigured SSH on this
> machine to use port 10022.
>
> Machine number 2 (raymonde) is 192.168.1.3. SSH port on raymonde is 10023.
>
> I took care of reconfiguring the firewall and opening the respective ports
> (10022:tcp on bernadette, 10023:tcp on raymonde).
>
> In my router's web interface (Expert Mode > NAT) I defined a port
> redirection, so that requests for port 10022 are rerouted to
> 192.168.1.2, and requests for port 10023 to 192.168.1.3.
>
> Now I can ssh into my two machines from the outside, using my public IP
> address. E. g. :
>
> # ssh my.ip.add.res -p 10022 --> I'm logged into bernadette
>
> # ssh my.ip.add.res -p 10023 --> Logs me into raymonde
>
> Except... when logging in a second time, in the other machine, I get
> this, understandably :
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that the RSA host key has just been changed.
>
>
> Now, of course, I could manually open ~/.ssh/known_hosts, erase the
> respective line and then log back again. But is there a more orthodox
> way to log into two different machines via two distinct ports on one
> single IP address without getting this sort of error ?
----
I have resorted to using DNS to do this...

ssh -p SOME_PORT_NUMBER hostname1.example.com
ssh -p SOME_OTHER_PORT hostname2.example.com

and hostname1.example.com and hostname2.example.com actually point to
the same IP address (maybe one is an A record and the other a CNAME).

Craig
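
The effect of the two DNS names can also be had on the client alone with OpenSSH's HostKeyAlias option, which sets the name under which a host key is stored and looked up in known_hosts. The ~/.ssh/config below is an added example, not part of the original thread; the alias names are arbitrary labels chosen here, and my.ip.add.res is the poster's own placeholder for the public address.

```sshconfig
# ~/.ssh/config (added example; the alias names are assumptions, any unique label works)

# Router forwards port 10022 to bernadette (192.168.1.2)
Host bernadette
    HostName my.ip.add.res
    Port 10022
    # Store and check this machine's host key under its own name,
    # not under the shared public address
    HostKeyAlias bernadette

# Router forwards port 10023 to raymonde (192.168.1.3)
Host raymonde
    HostName my.ip.add.res
    Port 10023
    HostKeyAlias raymonde
```

With this in place, `ssh bernadette` and `ssh raymonde` are each checked against their own known_hosts entry, so the changed-key warning still appears if either machine's key really does change.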