[Techtalk] remote SSH and NAT

Travis Casey efindel at earthlink.net
Sun Mar 12 17:46:00 EST 2006


On Mar 12, 2006, at 1:36 AM, Carla Schroder wrote:
> On Saturday 11 March 2006 18:23, Mary wrote:

>> I typically forward a port on windbag, so that when you connect to port
>> 10000 of windbag, windbag pops you right through to port 22 (SSH) of
>> stinkpad.

[snip a bit]

> That works great for a single LAN host, but then don't you bump into host keys
> problems? Because all outgoing traffic is SNAT'ed, so when the remote SSH
> client sees a different host key, it doesn't know it's from a different PC,
> because the IP is the same. So you get the scary
>
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
>
> etc. message.

I can't speak for other SSH clients, but I've done this at home,  
using PuTTY as the client when I'm coming in, and it seems to  
understand that since it's a different port, it could be a different  
daemon.  It gave me its "this host is not yet in the registry, do you  
want me to remember its key?" prompt the first time I used the second  
port to go to the other host, and since then, it's worked fine with  
the setup.

--
Travis S. Casey           efindel at earthlink.net
I am an evil kitten!  Mew-ha-ha!
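
How a client that stores host keys per host-and-port pair behaves in the setup discussed in this thread, as an added example that is not part of the original message: current OpenSSH records a non-default port in known_hosts as `[host]:port`, so each forwarded port on windbag gets its own entry. The function names, the second port 10001 and the key strings are constructed for illustration; hashed and marker entries are skipped.

```python
import re

# Constructed sample known_hosts; the key blobs are placeholders, not real keys.
KNOWN_HOSTS = """\
# windbag forwards port 10000 to port 22 of stinkpad
[windbag]:10000 ssh-rsa KEY-OF-STINKPAD
windbag ssh-rsa KEY-OF-WINDBAG
"""

def lookup_name(host, port=22):
    """Name looked up in known_hosts: bare host on port 22, else [host]:port."""
    return host if port == 22 else f"[{host}]:{port}"

def _matches(pattern, name):
    """known_hosts patterns only know '*' and '?'; brackets are literal."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, name) is not None

def parse_known_hosts(text):
    """Yield (patterns, keytype, key) for plain entries."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@", "|1|")):
            continue  # comments, @cert-authority/@revoked markers, hashed names
        yield fields[0].split(","), fields[1], fields[2]

def check_host_key(known_hosts, host, port, keytype, key):
    """Return 'match', 'changed' or 'unknown' for the key a server offered."""
    name = lookup_name(host, port)
    result = "unknown"
    for patterns, ktype, kdata in parse_known_hosts(known_hosts):
        if any(p.startswith("!") and _matches(p[1:], name) for p in patterns):
            continue  # a matching negated pattern rejects the whole line
        if not any(_matches(p, name) for p in patterns if not p.startswith("!")):
            continue
        if ktype != keytype:
            continue  # simplification: only compare keys of the same type
        if kdata == key:
            return "match"
        result = "changed"  # same name and port, different key: the warning case
    return result

if __name__ == "__main__":
    for port, key in [(10000, "KEY-OF-STINKPAD"), (10001, "KEY-OF-OTHERBOX"),
                      (10000, "KEY-OF-OTHERBOX")]:
        print(lookup_name("windbag", port),
              check_host_key(KNOWN_HOSTS, "windbag", port, "ssh-rsa", key))
```

A new forwarded port comes back as `unknown` (the first-connection prompt), while `changed` only appears when the same port starts presenting a different key, for example after the forward is repointed to another machine.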



