SSH to one address, different ports, different hosts
Bruce Dawson
jbd at codemeta.com
Sun Mar 11 14:25:37 EDT 2007
Ben Scott wrote:
> Hello, world.
>
> So anyway, I finally got around to installing the OpenWRT firmware
> on my LinkSys WRT54G box today (a remarkably easy and painless
> process, BTW). I set up SSH on said box to listen on a non-standard
> port and opened the firewall to that. This lets me SSH directly into
> the router -- useful to try and figure out why my "real computer" is
> not responding when I attempt to SSH into *it*.
>
> So I now have two completely different boxes (LinkSys WRT54G, and my
> Dell PC) appearing to the world on a single IP address. The problem
> is, when I use OpenSSH's "ssh" to connect to the second box, it
> screams bloody murder that the host key has changed and refuses to
> connect. Partial extract:
>
> WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!
> Host key verification failed.
>
> That is, of course, by design. The normal assumption is one-to-one
> between IP addresses and hosts. So a different host key from the same
> IP address is normally a Bad Thing. But in this case, the first
> assumption is invalid -- I have multiple hosts at one IP address.
>
> Ideally, there would be some way to make ssh identify hosts not just
> by IP address, but by IP-address:port combinations. I didn't see one.
>
> For now, I've written two stanzas in my $HOME/.ssh/config file, one
> for each box, and used the "UserKnownHosts" directive to assign
> different known_hosts files to each. So "ssh homegw" uses
> "$HOME/.ssh/homegw.known_hosts" and "ssh blackfire" uses
> "$HOME/.ssh/blackfire.known_hosts", and everything else uses the
> default.
>
> Anyone else have thoughts or ideas to offer?
The known_hosts file can have a comma-separated list of hosts in the
first field.
You can also turn off StrictHostKeyChecking (but I haven't tried this).
I don't think OpenSSH (yet) provides the ability to match on port numbers.
--Bruce
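
The per-host known_hosts arrangement described in the quoted message, written out as an added example that is not part of the original thread. The HostName and Port values are placeholders, the directive is spelled UserKnownHostsFile as in ssh_config(5), and StrictHostKeyChecking is left at "ask" so the changed-key check stays active for each box.

```sshconfig
# $HOME/.ssh/config
# Added example. Aliases and known_hosts file names follow the quoted message;
# HostName and Port values are placeholders, not values from the thread.

# The router, reached on its non-standard port.
Host homegw
    # Placeholder for the single public address both boxes share.
    HostName gateway.example.net
    # Placeholder for the router's non-standard SSH port.
    Port 2222
    # Host keys for this box are stored and checked only in this file.
    UserKnownHostsFile ~/.ssh/homegw.known_hosts
    # "ask" is the default: prompt on first contact, refuse on a changed key.
    StrictHostKeyChecking ask

# The PC behind the same address.
Host blackfire
    HostName gateway.example.net
    # Placeholder for the port forwarded to the PC.
    Port 22
    UserKnownHostsFile ~/.ssh/blackfire.known_hosts
    StrictHostKeyChecking ask

# Any other host falls through to the default ~/.ssh/known_hosts.
```

With this layout a key change on either box still produces the "REMOTE HOST IDENTIFICATION HAS CHANGED" warning, but only against that box's own file.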