[rescue] SSH through firewall
Gregory Leblanc
rescue at sunhelp.org
Wed Dec 12 12:38:19 CST 2001
On Wed, 2001-12-12 at 08:26, Scott Newell wrote:
> I've recently done some re-wiring at the house, so I now have four sun4c
> boxes (enough computing power to heat a small closet!) running behind my
> firewall. The 'net connection is DSL with a single dynamic IP address,
> using dynodns.org and some scripting to keep the domain name pointing at my
> linux router/PPPoE/firewall box.
Sorry to hear about the PPPoE... Bleah, nasty technology with no good
purpose in life.
> I'm running SSH on all these boxes, but I've not come up with a clean way
> to allow connections to each box. I've swapped around port forwarding
> assignments in the router so that each machine's sshd appears (to the
> outside world) to be listening on a different port: 22, 1022, 2022, etc.
> The problem is that most SSH clients whine about the host key changing,
> probably (I'm assuming) because they associate the host key with the domain
> name, not the domain name _and_ the port.
>
> Is there a better way? Any ssh clients that allow multiple host keys for a
> host?
I had a similar "problem". I was able to work around it by using
different hostnames. So, I just added (either to DNS for my domain, or
to hosts) three hostnames for the same IP address, usually something
descriptive. OpenSSH will then store different hostkeys for the
different hostnames in its known_keys file. If you want to not have to
remember the port numbers, you can edit ~/.ssh/config, and add something
that looks like:
    host box1.example.com
        port 22
    host box2.example.com
        port 1022
    host box3.example.com
        port 2022
Then you can just type 'ssh box3.example.com', and it will connect on
the proper port for that machine.
Greg
--
Portland, Oregon, USA.
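
An added example, not part of the original post: a simplified Python model of how an SSH client picks the name under which it looks up a host key, showing why one DNS name on three ports collides when the lookup is by name only and why per-machine hostnames avoid it. The name home.example.net and the aliases box1 to box3 are constructed; the `[host]:port` form and the `HostKeyAlias` option are how current OpenSSH handles non-default ports and key naming.

```python
DEFAULT_PORT = 22
# Constructed sample: one dynamic-DNS name, three forwarded ports.
ONE_NAME = """
Host box1
    HostName home.example.net
Host box2
    HostName home.example.net
    Port 1022
Host box3
    HostName home.example.net
    Port 2022
"""

def parse_config(text):
    """Parse simple Host blocks (one name each, no wildcards) into {alias: options}."""
    hosts, current = {}, None
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            current = hosts.setdefault(value, {})
        elif current is not None:
            current.setdefault(key, value)  # first value wins, as in ssh_config
    return hosts

def target(alias, opts):
    """(hostname, port) actually dialled for this alias."""
    return opts.get("hostname", alias), int(opts.get("port", DEFAULT_PORT))

def lookup_name(alias, opts, port_aware=True):
    """Name the client uses to find this host's key in known_hosts (model)."""
    if "hostkeyalias" in opts:
        return opts["hostkeyalias"]
    name, port = target(alias, opts)
    if port_aware and port != DEFAULT_PORT:
        return f"[{name}]:{port}"
    return name

def collisions(hosts, port_aware=True):
    """Lookup names shared by aliases that reach different sshd instances."""
    seen = {}
    for alias, opts in hosts.items():
        seen.setdefault(lookup_name(alias, opts, port_aware), set()).add(target(alias, opts))
    return {n: sorted(t) for n, t in seen.items() if len(t) > 1}

if __name__ == "__main__":
    print(collisions(parse_config(ONE_NAME), port_aware=False))
```

With `port_aware=False` the three machines share one lookup name, which is the "host key changed" situation described in the question; a non-empty result from `collisions` flags any config that would trigger it.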