[TCLUG] ssh server behind NAT

[Clay Fandre]

$ man ssh_config
[snip]
 CheckHostIP
      If this flag is set to ``yes'', ssh  will  additionally
      check  the  host  IP  address  in the known_hosts file.
      This allows ssh to detect if a host key changed due  to
      DNS  spoofing.   If  the  option  is set to ``no'', the
      check will not be executed.  The default is ``yes''.



On Fri, 23 Jan 2004, Robert P. Goldman wrote:

> 
> Here's a question that has me a little bamboozled.  I have a couple of
> machines behind NAT that I can ssh to through dynamic DNS.  But every
> time I do, ssh whines about their host keys being bad.  They don't
> match, of course, because the two machines have different RSA keys.
> But they have the same symbolic name --- the only difference is that
> I go in through different ports to get to the two different machines.
> Any way to make ssh shut the heck up about this?  Better yet, is there
> any way to convince ssh that what's important is an IP name and port
> number PAIR, instead of just an IP name?
> 
> Thanks!
> R
> 

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list