dnk wrote:
> I have a centos box that will need to ssh into 2 other centos boxes
> (with keys). Now one of these boxes is a firewall, and another is a
> system behind the firewall. I have rules in my firewall to punch into
> the system behind the FW.
>
> Now if I connect to the IP (since the public one is shared), anytime I
> connect to the other system, I get the host verification failed error
> and have to remove the IP from the known_hosts file.
>
> What is the best (secure) way to get around this? I know I can disable
> the check, but that is not my preferred way.
>

There are two ways to do it. The first way is to simply set the host keys to be the same on all the boxes (copy the contents of the /etc/ssh/*key* files from one box to all of the boxes).

The other way is to set up separate ssh_config files for each destination with different known_hosts files and invoke ssh as 'ssh -F configfile1 host1', 'ssh -F configfile2 host2', etc.

-- 
Benjamin Franz
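The second approach from the reply, written out as an added example that is not part of the original thread: each destination gets its own config and its own known_hosts file, with host key checking left on. The helpers `make_ssh_config` and `pin_host_key`, the aliases `fw` and `inside`, the address 203.0.113.10, port 2222 and the directory are all constructed assumptions.

```shell
#!/bin/sh
# Added example. Helper names, aliases, address and ports are constructed.

# make_ssh_config DIR NAME ADDRESS PORT
# Writes DIR/NAME.config pointing at its own DIR/NAME.known_hosts and
# prints the config path. StrictHostKeyChecking stays "yes", so an unknown
# or changed host key is refused instead of being silently accepted.
make_ssh_config() {
    dir=$1 name=$2 addr=$3 port=$4
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    : >> "$dir/$name.known_hosts"      # create if missing, keep pinned keys
    chmod 600 "$dir/$name.known_hosts"
    cat > "$dir/$name.config" <<EOF
Host $name
    HostName $addr
    Port $port
    UserKnownHostsFile $dir/$name.known_hosts
    StrictHostKeyChecking yes
EOF
    chmod 600 "$dir/$name.config"
    printf '%s\n' "$dir/$name.config"
}

# pin_host_key KNOWN_HOSTS ADDRESS PORT PUBKEY_FILE
# Appends the host's public key (a copy of /etc/ssh/ssh_host_*_key.pub from
# that box, fetched over a channel you trust) in known_hosts format.
# Non-default ports are recorded as "[address]:port".
pin_host_key() {
    kh=$1 addr=$2 port=$3 pub=$4
    if [ "$port" = 22 ]; then host=$addr; else host="[$addr]:$port"; fi
    # Keep "keytype base64key" only; drop the trailing comment field.
    awk -v h="$host" 'NF >= 2 { print h, $1, $2 }' "$pub" >> "$kh"
}

# Usage (constructed values):
#   d=$HOME/.ssh/multi
#   make_ssh_config "$d" fw     203.0.113.10 22
#   make_ssh_config "$d" inside 203.0.113.10 2222
#   pin_host_key "$d/fw.known_hosts"     203.0.113.10 22   fw_host_key.pub
#   pin_host_key "$d/inside.known_hosts" 203.0.113.10 2222 inside_host_key.pub
#   ssh -F "$d/fw.config" fw
#   ssh -F "$d/inside.config" inside
```
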