Multiple ssh keys in known_hosts possible?

Lennart Sorensen lsorense-1wCw9BSqJbv44Nm34jS7GywD8/FfD2ys at public.gmane.org
Thu Jul 12 16:31:25 UTC 2007


On Thu, Jul 12, 2007 at 12:23:36PM -0400, Madison Kelly wrote:
>   I've got a situation where a few machines may answer an ssh request 
> to a given IP. Specifically, I've got port forwarding on my firewall 
> that routes certain (>1024) ports to machines MASQ'ed behind it. In the 
> other case, I have a 2-node cluster. During fail over the slave node 
> would answer requests (specifically; from the backup server running 
> rsync over ssh).
> 
>   The problem is that because the IP /doesn't/ change, ssh sees a 
> different key and refuses to connect. Is there a way to tell ssh that 
> keys A *or* B are valid for IP X?

I very much doubt it.  ssh is paranoid about matching host keys against
IP addresses.  It wants to protect you from accidentally connecting to a
different machine than you thought you were talking to.  You probably
should just have separate IPs for each machine and ssh to the one you
want explicitly.

Now if you find a way to make ssh allow this it would actually be handy.
I have seen some people forward different ports to ssh on different
internal machines, and unfortunately ssh doesn't note the port number
along with the host key either, which makes that not work well.

--
Len Sorensen
--
The Toronto Linux Users Group.      Meetings: http://gtalug.org/
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists
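
Added example (not part of the original message or of OpenSSH's code): a small Python model of the known_hosts lookup as documented under SSH_KNOWN_HOSTS FILE FORMAT in current OpenSSH's sshd(8), where several lines may name the same host and a non-standard port is recorded as [host]:port. That is not necessarily how the 2007-era ssh discussed above behaved. The addresses and key blobs are constructed placeholders, and hashed names and @ marker lines are skipped for brevity.

```python
import re

# Constructed sample: two placeholder keys for one cluster address, plus a
# port-qualified entry for a forwarded port. Key blobs are fake, not real keys.
KNOWN_HOSTS = """\
# cluster address: either node may answer
192.0.2.10 ssh-ed25519 AAAAKEYNODEA node-a
192.0.2.10 ssh-ed25519 AAAAKEYNODEB node-b
[192.0.2.1]:2222 ssh-ed25519 AAAAKEYINNER forwarded
"""

def lookup_name(host, port=22):
    """Name that is looked up: bare host on port 22, else [host]:port."""
    return host if port == 22 else f"[{host}]:{port}"

def _glob(pattern, name):
    """known_hosts patterns use only '*' and '?'; brackets are literal."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, name) is not None

def parse(text):
    """Yield (patterns, keytype, keyblob) for each plain entry."""
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, comments, @markers and hashed (|1|...) names.
        if not fields or fields[0][0] in "#@|":
            continue
        if len(fields) >= 3:
            yield fields[0].split(","), fields[1], fields[2]

def name_matches(patterns, name):
    """A negated pattern (!pat) that matches vetoes the whole line."""
    if any(_glob(p[1:], name) for p in patterns if p.startswith("!")):
        return False
    return any(_glob(p, name) for p in patterns if not p.startswith("!"))

def check(text, host, port, keytype, key):
    """Return 'ok' if any line for this name carries the presented key,
    'changed' if only other keys of that type are listed, else 'unknown'."""
    name = lookup_name(host, port)
    same_type_seen = False
    for patterns, ktype, kblob in parse(text):
        if not name_matches(patterns, name) or ktype != keytype:
            continue
        if kblob == key:
            return "ok"
        same_type_seen = True
    return "changed" if same_type_seen else "unknown"
```

Listing two keys for one name means the client accepts whichever machine holds either key, so each extra line widens what is trusted for that address.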