[CentOS] ssh - alternate ports, and host verification

Jerry Franz jfranz at freerun.com
Fri Mar 20 00:01:42 UTC 2009


dnk wrote:
> I have a centos box that will need to ssh into 2 other centos boxes  
> (with keys). Now one of these boxes is a firewall, and another is a  
> system behind the firewall. I have rules in my firewall to punch into  
> the system behind the FW.
>
> Now if I connect to the IP (since the public one is shared), anytime I
> connect to the other system, I get the host verification failed error  
> and have to remove the IP from the known_hosts file.
>
> What is the best (secure) way to get around this? I know I can disable
> the check, but that is not my preferred way.
>   
There are two ways to do it. The first way is to simply set the host 
keys to be the same on all the boxes (copy the contents of the 
/etc/ssh/*key* files from one box to all of the boxes). The other way is 
to set up separate ssh_config files for each destination with different 
known_hosts files and invoke ssh as 'ssh -F configfile1 host1', 'ssh -F 
configfile2 host2', etc.

-- 
Benjamin Franz
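
The second approach from the reply above, as an added example that is not part of the original message: a shell function that writes one ssh_config file and one known_hosts file per destination, so the firewall and the host behind it are checked against separate key stores even though they share a public IP. The directory layout, the aliases, the address 192.0.2.10 and the ports are constructed placeholders.

```shell
#!/bin/sh
# Added example: per-destination ssh_config files, each pointing at its own
# known_hosts file. Names, addresses and ports are constructed placeholders.

# make_ssh_dest DIR NAME ADDRESS PORT
# Writes DIR/NAME.config and creates DIR/NAME.known_hosts if it is missing.
# Prints the path of the config file on success.
make_ssh_dest() {
    dir=$1
    name=$2
    addr=$3
    port=$4
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    kh="$dir/$name.known_hosts"
    cfg="$dir/$name.config"
    # Never clobber host keys that were already recorded for this destination.
    [ -e "$kh" ] || : > "$kh"
    chmod 600 "$kh"
    # StrictHostKeyChecking yes: ssh refuses unknown or changed host keys, so
    # the destination's verified public host key must be placed in $kh first.
    cat > "$cfg" <<EOF
Host $name
    HostName $addr
    Port $port
    UserKnownHostsFile $kh
    StrictHostKeyChecking yes
EOF
    chmod 600 "$cfg"
    printf '%s\n' "$cfg"
}

# Typical use (placeholders):
#   make_ssh_dest "$HOME/.ssh/dest" firewall 192.0.2.10 22
#   make_ssh_dest "$HOME/.ssh/dest" inner    192.0.2.10 2222
#   ssh -F "$HOME/.ssh/dest/firewall.config" firewall
#   ssh -F "$HOME/.ssh/dest/inner.config" inner
```

Each destination keeps its own host key, and a key change on either one is still reported against that destination's file only.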

