dnk wrote:
I have a CentOS box that will need to ssh into 2 other CentOS boxes (with keys). Now one of these boxes is a firewall, and another is a system behind the firewall. I have rules in my firewall to punch into the system behind the FW.
Now if I connect to the IP (since the public one is shared), anytime I connect to the other system, I get the host verification failed error and have to remove the IP from the known_hosts file.
What is the best (secure) way to get around this? I know I can disable the check, but that is not my preferred way.
There are two ways to do it. The first way is to simply set the host keys to be the same on all the boxes (copy the contents of the /etc/ssh/*key* files from one box to all of the boxes). The other way is to set up separate ssh_config files for each destination with different known_host files and invoke ssh as 'ssh -F configfile1 host1', 'ssh -F configfile2 host2', etc.
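The second approach from the reply above, as an added example that is not part of the original thread: each destination gets its own config file and its own known_hosts file, so host key checking stays enabled and the two boxes' keys never collide. The function names, the aliases `firewall` and `inner`, the directory layout and the address 203.0.113.10 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one ssh config file plus one known_hosts file per destination.
# Assumed (not from the thread): both boxes are reached through the same
# public address, and the firewall rules decide which box answers.

# write_ssh_config DIR NAME ADDRESS PORT
# Writes DIR/config_NAME, which pins DIR/known_hosts_NAME as the only place
# host keys for that destination are stored. Prints the config file path.
write_ssh_config() {
    dir=$1 name=$2 addr=$3 port=$4
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    cfg="$dir/config_$name"
    # StrictHostKeyChecking ask: the fingerprint is confirmed once on first
    # connect; a changed key is refused afterwards (checking is never disabled).
    cat > "$cfg" <<EOF
Host $name
    HostName $addr
    Port $port
    UserKnownHostsFile $dir/known_hosts_$name
    StrictHostKeyChecking ask
EOF
    chmod 600 "$cfg" || return 1
    printf '%s\n' "$cfg"
}

# known_hosts_for CONFIG
# Prints the known_hosts path a config file uses, to confirm that two
# destinations do not share one.
known_hosts_for() {
    awk '$1 == "UserKnownHostsFile" { print $2 }' "$1"
}

# ssh_dest DIR NAME [ssh arguments...]
# Connects with the destination's own config, as in 'ssh -F configfile1 host1'.
ssh_dest() {
    dir=$1 name=$2
    shift 2
    ssh -F "$dir/config_$name" "$name" "$@"
}

# Typical use (constructed values):
#   write_ssh_config "$HOME/.ssh/dest" firewall 203.0.113.10 22
#   write_ssh_config "$HOME/.ssh/dest" inner    203.0.113.10 22
#   ssh_dest "$HOME/.ssh/dest" inner
```

On the first connection to each destination, compare the fingerprint ssh prompts with one read on the box's console before accepting it.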