[TCLUG] ssh server behind NAT

Fri Jan 23 15:24:35 CST 2004

>>>>> "CF" == Clay Fandre <clay at fandre.com> writes:

    CF> $ man ssh_config
    CF> [snip]
    CF>  CheckHostIP
    CF>       If this flag is set to ``yes'', ssh  will  additionally
    CF>       check  the  host  IP  address  in the known_hosts file.
    CF>       This allows ssh to detect if a host key changed due  to
    CF>       DNS  spoofing.   If  the  option  is set to ``no'', the
    CF>       check will not be executed.  The default is ``yes''.

I'm sorry to be dense, but I don't see how this helps.  Since the two
machines are behind a NAT router, they both have the same IP address
(but different RSA keys).  Right now I've set up so that the Strict
checking is off, and that allows my connections to go through, but ssh
still whines about it....

I suppose I could do something totally stupid with making a script
that will swap different known_hosts files, but that seems really
pukey....  What I wish is that I could supply the desired host key as
an argument to ssh....

R

_______________________________________________
TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
http://www.mn-linux.org tclug-list at mn-linux.org
https://mailman.real-time.com/mailman/listinfo/tclug-list