A fix for RSA hostkey warning with multiple tunnels

Sep 29, '05 06:42:00AM

Contributed by: pobs

I use ssh tunnels to access multiple servers at different hosts with sshkeychain. With sshkeychain active, I typically run ssh localhost -oPort=1024 to access the various servers that I administer. So I typically end up with something like ports 1024 and 1025 tunneling ports from one server, and 1026 and 1027 tunneling ports from another.

The problem is that with multiple hosts being accessed through localhost, my known_hosts file always has the wrong host in it. As a result, I get the following message (call me paranoid, but I usually keep my ssh host checking strict):

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
... etc.
... etc.

This continues for many lines, and is somewhat annoying. So this is what I did. I made a little Perl script (rsa_remove) that removes any line with localhost in it from my known_hosts file. I then use aliases such as the following to call the script and then the ssh command with the new port:

    alias alias_name='rsa_remove;ssh localhost -oPort=1024'

Here is the rsa_remove Perl script (barely a script, I know):

    perl -e "s/^localhost.*\n//g;" -pi ~/.ssh/known_hosts

Hope this helps someone...

[robg adds: I haven't tested this one...]
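
An alternative that keeps host key checking intact, as an added example that is not part of the original hint: OpenSSH's HostKeyAlias option in ~/.ssh/config files each tunnel's key under its own name instead of under localhost, so nothing has to be deleted from known_hosts. The host names server-a and server-b are hypothetical, and ports 1024 and 1026 are assumed to be the local tunnel ends that reach each server's sshd.

```sshconfig
# ~/.ssh/config
# Added example. "server-a" and "server-b" are hypothetical names;
# ports 1024 and 1026 are assumed to be the local ends of the tunnels
# that forward to each server's sshd.

# Tunnel to the first server
Host server-a
    HostName localhost
    Port 1024
    # Look up and store this host key under "server-a" in known_hosts,
    # not under "localhost", so it never collides with the other tunnel.
    HostKeyAlias server-a
    # Prompt once for an unknown key, refuse to connect if a known key
    # changes. Use "yes" to also refuse unknown keys; they then have to
    # be added to known_hosts by hand.
    StrictHostKeyChecking ask

# Tunnel to the second server
Host server-b
    HostName localhost
    Port 1026
    HostKeyAlias server-b
    StrictHostKeyChecking ask
```

With these entries, `ssh server-a` takes the place of `ssh localhost -oPort=1024`, and the host identification warning appears only when that particular server's key actually changes.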


Mac OS X Hints
http://hints.macworld.com/article.php?story=20050928070022436