Package: ssh
Version: 1:4.3p2-3
Severity: normal

I have several PCs behind a NAT firewall. I want to be able to ssh into any of them; going via a single one is bad because I can't know which ones are up in advance. So the NAT router forwards various ports to the different servers.

Unfortunately, ssh always checks the hostkey against the IP address only, and so it thinks there is a man-in-the-middle attack when I try the second PC instead of the first. Because then the key changes, but the IP address seems to not change. But it really is another PC, because the port is different and therefore forwarded to a different PC.

I appreciate the host key checking, but: It should not be tied to IP address alone, it should be tied to the ip:port pair. That will keep the security, but now <same ip:different port> will be allowed to have different host keys. <same ip:same port> will still not be allowed to change its key.

I am not sure using the same host key everywhere will be good, if one PC is compromised, then all is . . .

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (900, 'testing'), (800, 'unstable'), (800, 'stable'), (700, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-rc6-mm2
Locale: LANG=nb_NO.UTF-8, LC_CTYPE=nb_NO.UTF-8 (charmap=UTF-8)

Versions of packages ssh depends on:
ii  openssh-client  1:4.3p2-3  Secure shell client, an rlogin/rsh
ii  openssh-server  1:4.3p2-3  Secure shell server, an rshd repla

ssh recommends no packages.

-- debconf-show failed
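
The keying difference the report describes, as an added example that is not part of the original report or of OpenSSH's code: a toy Python model of a known-hosts lookup keyed by address alone versus by address and port. The class, function names, address, ports and fingerprints are constructed for illustration; the `[host]:port` spelling follows the form OpenSSH's known_hosts format accepts for non-default ports.

```python
# Added illustration: toy model of a client's known-hosts check.
# Address, ports and fingerprints below are constructed sample values.

def host_only_id(host, port):
    """Identity as described in the report: address alone."""
    return host

def host_port_id(host, port):
    """Identity proposed in the report: address plus port.
    Port 22 stays bare; other ports use the [host]:port form."""
    return host if port == 22 else f"[{host}]:{port}"

class KnownHosts:
    def __init__(self, identity):
        self.identity = identity
        self.entries = {}  # identity string -> host key fingerprint

    def check(self, host, port, presented_key):
        """Return 'new', 'ok' or 'changed'; learn the key on first use."""
        ident = self.identity(host, port)
        stored = self.entries.get(ident)
        if stored is None:
            self.entries[ident] = presented_key
            return "new"
        return "ok" if stored == presented_key else "changed"

# Constructed scenario: one public address, two forwarded ports, two PCs.
NAT = "203.0.113.10"
PC1 = (NAT, 2201, "SHA256:key-of-pc1")
PC2 = (NAT, 2202, "SHA256:key-of-pc2")

def run(identity):
    kh = KnownHosts(identity)
    results = [kh.check(*PC1), kh.check(*PC2), kh.check(*PC1)]
    # Same address and same port with a different key must still be flagged.
    results.append(kh.check(NAT, 2201, "SHA256:unexpected-key"))
    return results

if __name__ == "__main__":
    print("address only :", run(host_only_id))
    print("address:port :", run(host_port_id))
```

With address-only keying the second PC is reported as a changed key; with address-and-port keying both PCs are learned separately and a key change on the same port is still detected.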

