[ale] ssh multihosts, 1ip, many port

Robert L. Harris Robert.L.Harris at rnd-consulting.com
Tue Nov 7 15:46:27 EST 2000 

I  have this in /etc/ssh/ssh_config:

#
# Staging
#
Host blackwidow
        Port                    22050
        HostName                shakespeare-ext.company.com
Host redwidow
        Port                    22080
        HostName                shakespeare-ext.company.com

When I ssh to blackwidow it puts the entry in known hosts.  When
I ssh to redwidow it gives me the error abou tthe man in the middle,
etc, unless I delete the entry from knownhosts.

Robert


Thus spake Fletch (fletch at phydeaux.org):

> >>>>> "Robert" == Robert L Harris <Robert.L.Harris at rnd-consulting.com> writes:
> 
>     Robert> I'm trying to scp some files to a number of hosts behind a
>     Robert> firewall.  To connect I scp to the firewall on a high port
>     Robert> and it forwards to the right host.  I'm getting this:
> 
> [...]
>     Robert> I know I need to change something and I don't remember
>     Robert> what.  Anyone know?  my /etc/ssh/ssh_config has the host
>     Robert> entries for all the hosts setup so I can go directly to
>     Robert> the name and it figures out the port/IP problem.
> 
>         At least as far as the openssh man page goes, it says that you 
> can have multiple lines for the same host with different keys.  From
> man sshd(8): 
> 
> 
>      When performing host authentication, authentication is accepted
>      if any matching line has the proper key.  It is thus permissible
>      (but not recommended) to have several lines or different host
>      keys for the same names.  This will inevitably happen when short
>      forms of host names from different domains are put in the file.
>      It is possible that the files contain conflicting information;
>      authentication is accepted if valid information can be found from
>      either file.
> 
> 
>         So try putting in entries for each real host under the name of 
> the outside firewall host.
> 
> -- 
> Fletch                | "If you find my answers frightening,       __`'/|
> fletch at phydeaux.org   |  Vincent, you should cease askin'          \ o.O'
> 770 933-0600 x211(w)  |  scary questions." -- Jules                =(___)=
>                       |                                               U



:wq!
---------------------------------------------------------------------------
Robert L. Harris                |  Micros~1 :  
Senior System Engineer          |    For when quality, reliability 
  at RnD Consulting             |      and security just aren't
                                \_       that important!
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.
FYI:
 perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

More information about the Ale mailing list