SSH to one address, different ports, different hosts

Ben Scott dragonhawk at gmail.com
Sun Mar 11 11:59:54 EDT 2007


Hello, world.

  So anyway, I finally got around to installing the OpenWRT firmware
on my LinkSys WRT54G box today (a remarkably easy and painless
process, BTW).  I set up SSH on said box to listen on a non-standard
port and opened the firewall to that.  This lets me SSH directly into
the router -- useful to try and figure out why my "real computer" is
not responding when I attempt to SSH into *it*.

  So I now have two completely different boxes (LinkSys WRT54G, and my
Dell PC) appearing to the world on a single IP address.  The problem
is, when I use OpenSSH's "ssh" to connect to the second box, it
screams bloody murder that the host key has changed and refuses to
connect.  Partial extract:

	WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
	Host key verification failed.

  That is, of course, by design.  The normal assumption is one-to-one
between IP addresses and hosts.  So a different host key from the same
IP address is normally a Bad Thing.  But in this case, the first
assumption is invalid -- I have multiple hosts at one IP address.

  Ideally, there would be some way to make ssh identify hosts not just
by IP address, but by IP-address:port combinations.  I didn't see one.

  For now, I've written two stanzas in my $HOME/.ssh/config file, one
for each box, and used the "UserKnownHosts" directive to assign
different known_hosts files to each.  So "ssh homegw" uses
"$HOME/.ssh/homegw.known_hosts" and "ssh blackfire" uses
"$HOME/.ssh/blackfire.known_hosts", and everything else uses the
default.

  Anyone else have thoughts or ideas to offer?

-- Ben
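
The two-stanza workaround described in the message, written out as an added example (not the poster's actual file). It uses OpenSSH's `UserKnownHostsFile` option. Assumptions: the shared name `home.example.net`, port 2222 for the router, port 22 for the PC, and `homegw` being the router are all placeholders that the message does not give.

```sshconfig
# $HOME/.ssh/config
# Two aliases for two machines behind one public address.
# Each alias gets its own known_hosts file, so each host key is
# pinned separately and host key checking stays on for both.

# Router (assumed to be the box called "homegw").
Host homegw
    # Placeholder for the shared public name or IP address.
    HostName home.example.net
    # Placeholder for the non-standard port opened on the router.
    Port 2222
    UserKnownHostsFile ~/.ssh/homegw.known_hosts

# PC (assumed to be the box called "blackfire").
Host blackfire
    # Same placeholder address as above.
    HostName home.example.net
    # Assumed to be reachable on the default SSH port.
    Port 22
    UserKnownHostsFile ~/.ssh/blackfire.known_hosts

# Any other host falls through to the default ~/.ssh/known_hosts.
```

With this in place, the first `ssh homegw` or `ssh blackfire` records that machine's key in its own file. A later key change on either machine still produces the "REMOTE HOST IDENTIFICATION HAS CHANGED" warning for that alias only.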


More information about the gnhlug-discuss mailing list