A fix for RSA hostkey warning with multiple tunnels
Authored by: acet on Sep 29, '05 11:38:58AM

This is fine and good except for the fact that it effectively disables host key checking, thus leaving you wide open to man-in-the-middle attacks.

There's a better way.

For each host that you tunnel to, create a host entry in ~/.ssh/config similar to the following example:

        Host server1
            User root
            HostName 127.0.0.1
            Port 1024
            HostKeyAlias server1

The 'HostKeyAlias' directive sets the name in known-hosts that the host key will be saved as. Thus, every time you 'ssh server1', it'll check the proper host key. You won't get the RSA key warnings any more and you'll still maintain the protection of host key checking. Also, it has the nice benefit of saving you from having to use -oPort=1024 (which btw can be simplified as -p 1024).



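An added example, not part of acet's comment: a small audit of `~/.ssh/config` that reports tunnel entries (those whose HostName is a loopback address) that have no HostKeyAlias, or that reuse another entry's alias so two servers would be checked against the same stored key. The `server2` and `server3` entries and the function names are assumptions made for illustration, and only plain `Host` blocks are handled (no `Match` or `Include`).

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample: server1 is the comment's entry; server2/server3 are hypothetical.
SAMPLE_CONFIG = """\
Host server1
    User root
    HostName 127.0.0.1
    Port 1024
    HostKeyAlias server1
Host server2
    HostName 127.0.0.1
    Port 1025
Host server3
    HostName localhost
    Port=1026
    HostKeyAlias server1
"""

def parse_hosts(text):
    """Split ssh_config text into (host, options) pairs; option names lowercased."""
    blocks = []
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z]+)(?:\s*=\s*|\s+)(\S.*?)\s*$", line)
        if not m:
            continue  # blank line, comment, or keyword without a value
        key, value = m.group(1).lower(), m.group(2)
        if key == "host":
            blocks.append((value, {}))
        elif blocks:
            blocks[-1][1].setdefault(key, value)  # ssh uses the first value seen
    return blocks

def audit(text):
    """Report loopback (tunnel) entries whose host key check is not per-server."""
    findings, seen = [], {}
    for host, opts in parse_hosts(text):
        if opts.get("hostname", host).lower() not in LOOPBACK:
            continue
        alias = opts.get("hostkeyalias")
        if alias is None:
            findings.append((host, "no HostKeyAlias"))
        elif seen.setdefault(alias, host) != host:  # alias already claimed
            findings.append((host, "HostKeyAlias shared with " + seen[alias]))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

To check a real file, pass its contents to `audit()` in place of `SAMPLE_CONFIG`.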