[CentOS] ssh - alternate ports, and host verification

Thu Mar 19 23:01:42 UTC 2009
Jerry Franz <jfranz at freerun.com>

dnk wrote:
> I have a centos box that will need to ssh into 2 other centos boxes  
> (with keys). Now one of these boxes is a firewall, and another is a  
> system behind the firewall. I have rules in my firewall to punch into  
> the system behind the FW.
> Now if I connect to the IP (since the public one is shared), anytime I
> connect to the other system, I get the host verification failed error
> and have to remove the IP from the known_hosts file.
> What is the best (secure) way to get around this? I know I can disable
> the check, but that is not my preferred way.
There are two ways to do it. The first way is to simply set the host 
keys to be the same on all the boxes (copy the contents of the 
/etc/ssh/*key* files from one box to all of the boxes). The other way is 
to set up separate ssh_config files for each destination with different 
known_host files and invoke ssh as 'ssh -F configfile1 host1', 'ssh -F 
configfile2 host2', etc.

Benjamin Franz
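
The second approach from the reply above, as an added example that is not part of the original post: one config file per destination, each pointing at its own known_hosts file. The address 203.0.113.10, the forwarded port 2222, the aliases and the directory layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one ssh config file per destination, each with its own
# known_hosts file, so two hosts reached through the same public IP do not
# share a host key entry.
# Assumed values (not from the post): address 203.0.113.10, forwarded port
# 2222, the aliases "firewall" and "inner", and the directory layout.

# write_ssh_config DIR NAME ADDRESS PORT
# Creates DIR/NAME.config, which stores host keys in DIR/NAME.known_hosts.
write_ssh_config() {
    dir=$1 name=$2 addr=$3 port=$4
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    cat > "$dir/$name.config" <<EOF
Host $name
    HostName $addr
    Port $port
    # Host keys for this destination are stored and checked here only.
    UserKnownHostsFile $dir/$name.known_hosts
    # Keep verification on: prompt for an unknown key, refuse a changed key.
    StrictHostKeyChecking ask
EOF
    chmod 600 "$dir/$name.config"
}

# known_hosts_of CONFIG: print the UserKnownHostsFile path set in CONFIG.
known_hosts_of() {
    awk '$1 == "UserKnownHostsFile" { print $2 }' "$1"
}

# Usage (run once, then connect with -F):
#   write_ssh_config "$HOME/.ssh/split" firewall 203.0.113.10 22
#   write_ssh_config "$HOME/.ssh/split" inner    203.0.113.10 2222
#   ssh -F "$HOME/.ssh/split/firewall.config" firewall
#   ssh -F "$HOME/.ssh/split/inner.config" inner
```

With -F, ssh ignores ~/.ssh/config and the system-wide ssh_config, so any User or IdentityFile settings the connection needs also go in these files.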