| Summary: | .ssh/known_hosts does not save port number | ||
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | parasietje |
| Component: | ssh | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | CLOSED WORKSFORME | ||
| Severity: | minor | CC: | dtucker |
| Priority: | P2 | ||
| Version: | 5.0p1 | ||
| Hardware: | All | ||
| OS: | Linux | ||
That's odd, because that's been there for a while. What exact version are you using (i.e. what does ssh -V say?)

Using a server with a different key on port 2222 on "myserver" with a 5.0p1 client, I get:

```
$ ssh -o userknownhostsfile=/tmp/known myserver
The authenticity of host '[myserver]:2222 ([192.168.32.1]:2222)' can't be established.
[...]
```

and /tmp/known contains:

```
[myserver]:2222,[192.168.32.1]:2222 ssh-rsa AAAAB3Nz[...]
```

Be aware that using the default port does not add a port number, and if a matching host key is found without a port then it is used even if you're connecting on a nonstandard port (this is for backward compatibility).

I did not use the latest version. Terrible apologies for wasting your time!

Mass update RESOLVED->CLOSED after release of openssh-5.1

Problem: .ssh/known_hosts does not save the port number, only the IP/hostname. Thus, multiple ssh-servers on the same IP will cause key collisions.

Recreate:

- Run sshd1 with certificate1 on port 2221
- Run sshd2 with certificate2 on port 2222
- Connect to localhost, port 2221. The server certificate is added to .ssh/known_hosts
- Connect to localhost, port 2222
- Ssh reports REMOTE HOST KEY CHANGED

Expected behavior: Ssh makes a difference between the ssh-server on port 2221, and the one on port 2222.

Known workaround: Use HostKeyAlias to define an alias for the host on port 2221, and for the host on port 2222.

It would be a lot better if the port number were included in the .ssh/known_hosts as well.
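
The lookup behaviour described in the reply above (`[host]:port` entries for nonstandard ports, plus the fallback to a port-less entry), sketched as an added Python example; it is not OpenSSH's code and not part of the bug thread. It assumes "matching" means the presented key equals the stored one, skips hashed and `@`-marked entries and wildcard patterns, and uses constructed key strings and function names.

```python
DEFAULT_PORT = 22

def host_token(host, port):
    """Name a host is stored under: bare for port 22, else [host]:port."""
    return host if port == DEFAULT_PORT else f"[{host}]:{port}"

def parse_known_hosts(text):
    """Yield (names, keytype, key) for each plain (unhashed) entry."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("|", "@")):
            continue  # hashed names and @markers are outside this sketch
        yield set(fields[0].split(",")), fields[1], fields[2]

def check(entries, name, keytype, key):
    """Return 'ok', 'changed' or 'new' for one exact stored name."""
    status = "new"
    for names, ktype, kdata in entries:
        if name in names and ktype == keytype:
            if kdata == key:
                return "ok"
            status = "changed"  # same name and key type, different key
    return status

def lookup(text, host, port, keytype, key):
    """Check the port-qualified name first, then the port-less fallback."""
    entries = list(parse_known_hosts(text))
    status = check(entries, host_token(host, port), keytype, key)
    if status == "new" and port != DEFAULT_PORT:
        # Backward-compatibility fallback: a matching key stored without a port
        if check(entries, host, keytype, key) == "ok":
            return "ok"
    return status

# Constructed sample file; the key strings are placeholders, not real keys.
SAMPLE = """\
localhost ssh-rsa AAAAKEY1
[localhost]:2222,[127.0.0.1]:2222 ssh-rsa AAAAKEY2
"""

if __name__ == "__main__":
    for port, key in [(2222, "AAAAKEY2"), (2222, "AAAAKEY1"), (2221, "AAAAKEY1"), (2221, "AAAAKEY3")]:
        print(port, key, lookup(SAMPLE, "localhost", port, "ssh-rsa", key))
```

In this model a key stored under the bare host name is also accepted when the same key is presented on a nonstandard port, which is the backward-compatibility case the reply warns about.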