Weblog entry #19 for eric
See all weblog entries made by eric.
Hi all,
I'm currently configuring a Xen server with several domUs, but all of them sharing a single IP address. I use xen-nat and some iptables to redirect ssh and http ports [1].
So i'm currently connecting with ssh to each domU with commands like $ ssh root@IP -p 1022
using 1022, 1023,... redirected to each domU port 22.
The problem is ssh key verification that force me to erase my .known_hosts IP key each time i connect to a different domU.
Do you know if there is a way to disable completely this behaviour or (better) only for my IP host?
(i have alreadly checked StrictHostKeyChecking but it don't seems to work because each time it cancel the connection)
[1] check http://blog.sietch-tabr.com/index.php/post/2007/07/10/Xen-NAT for more details (in French)
Comments on this Entry
[ Parent | Reply to this comment ]
[ Parent | Reply to this comment ]
[ Send Message | View dkg's Scratchpad | View Weblogs ]
The OP can avoid the problem for specific servers with stanzas in ~/.ssh/config. For example:
Host foo.example.org Hostname 1.2.3.4 Port 1004 HostKeyAlias fooThis tells ssh to just work with the line in ~/.ssh/known_hosts titled foo, and should avoid the conflicts you're seeing. It also makes it more convenient to connect, because you can just do:
ssh foo.example.orginstead of
ssh 1.2.3.4 -p 1004
[ Parent | Reply to this comment ]