I ran into an article that addresses a long-standing problem I've had with OpenSSH's known_hosts file: it doesn't store the port for a host, so you can't ssh to different ports behind a router without getting warnings about fingerprint mismatches. The article describes how to access multiple machines at the same host. Below is my workflow.
$ ssh host.example.com
Here I accept the fingerprint. This saves it into my standard .ssh/known_hosts file. I log out of the server and ssh back in with a new port and a temporary known_hosts file.
$ ssh -o "UserKnownHostsFile kh2" host.example.com -p 2222
I get a different fingerprint prompt and accept that one too. I log out of the server, then copy this fingerprint into my existing known_hosts file:
$ cat kh2 >> .ssh/known_hosts && rm kh2
I can now ssh to the same host on different ports without warnings about man-in-the-middle attacks.
$ ssh host.example.com
$ ssh host.example.com -p 2222
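The append-and-delete step above works, but blindly concatenating a temporary file can leave duplicate lines and gives no feedback about what was actually added. The script below is an added example, not code from the original post: it merges a temporary known_hosts file into the main one, skipping any line already present, and then checks for the two entries the workflow produces. It assumes POSIX sh with awk and grep, and that OpenSSH records a non-default port as `[host]:port` in the first field (current OpenSSH behaviour, not something the post states). The host names and key material are constructed sample values, not real keys.

```shell
#!/bin/sh
# Added example (not from the original post): merge a temporary known_hosts
# file into the main one without duplicating lines, then look up entries.
# Assumptions: POSIX sh, awk, grep, mktemp. All host names and keys below
# are constructed sample data, not real keys.

# kh_has MAIN HOSTFIELD: succeed if MAIN has a line whose first field equals
# HOSTFIELD (e.g. "host.example.com" or "[host.example.com]:2222").
# Note: hashed entries ("|1|...") are not matched by this; use ssh-keygen -F.
kh_has() {
    awk -v h="$2" '$1 == h { found = 1 } END { exit found ? 0 : 1 }' "$1"
}

# kh_merge MAIN TMP: append each non-empty, non-comment line of TMP that is
# not already present verbatim in MAIN. Prints the number of lines appended.
kh_merge() {
    main=$1; tmp=$2; added=0
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in ''|'#'*) continue ;; esac
        if ! grep -qxF -- "$line" "$main"; then
            printf '%s\n' "$line" >> "$main"
            added=$((added + 1))
        fi
    done < "$tmp"
    echo "$added"
}

# --- demo with constructed data, mirroring the workflow in the post ---
DEMO_DIR=$(mktemp -d)
MAIN="$DEMO_DIR/known_hosts"
TMP="$DEMO_DIR/kh2"

# Entry recorded after the first "ssh host.example.com" (port 22: bare host name).
printf '%s\n' \
  'host.example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructedKeyPort22' > "$MAIN"

# Entries in the temporary file from "-o UserKnownHostsFile kh2 ... -p 2222":
# the [host]:port entry, plus a duplicate of the port-22 line to show it is skipped.
printf '%s\n' \
  '[host.example.com]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructedKeyPort2222' \
  'host.example.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDconstructedKeyPort22' > "$TMP"

ADDED=$(kh_merge "$MAIN" "$TMP")
echo "appended $ADDED line(s) to $MAIN"
kh_has "$MAIN" 'host.example.com' && echo "port 22 entry present"
kh_has "$MAIN" '[host.example.com]:2222' && echo "port 2222 entry present"
```

On a real system the two files would be `~/.ssh/known_hosts` and the `kh2` file from the post, and the same lookup can be done with `ssh-keygen -F '[host.example.com]:2222'`, which also handles hashed entries. Whether a key is accepted at the prompt or merged from a file, the entry is only as trustworthy as the check made on first contact, so compare the fingerprint shown with one obtained out of band before accepting it.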



Brilliance! Thanks for the awesome tip. :)