On Mon, 17 May 2010 10:38:55 -0400
Bill Davidsen <davidsen(a)tmr.com> wrote:
Christoph Höger wrote:
> Hi,
>
> I need to ssh to some remote VM that sit in a private LAN. For any other
> service (e.g. RDP) I'd use ssh tunneling just normal.
> But what do I do for ssh traffic? Since ssh is not host agnostic, it
> will always complain about localhost having a different RSA key.
> I just do not want to edit the known_hosts every time I need to connecto
> to a new machine!
>
I just remembered having a similar problem and how I solved it. I added a fixed
IP for the machine at the end of the tunnel in /etc/hosts, and the fixed IP was
127.0.0.X, which seemed to allow a unique entry in known_hosts on the
originating machine. Since all of 127/8 is used for loopback, I decided to use
another address for the made up machine name.
You still have to edit /etc/hosts for each new machine, but once and only once
per machine.
Alternative:
~/.ssh/config
CheckHostIP
If this flag is set to ``yes'', ssh(1) will additionally check
the host IP address in the known_hosts file. This allows ssh to
detect if a host key changed due to DNS spoofing. If the option
is set to ``no'', the check will not be executed. The default is
``yes''.
BR, Bob