Problem:
.ssh/known_hosts does not save the port number, only the IP/hostname. Thus, multiple ssh-servers on the same IP will cause key collisions.

Recreate:
Run sshd1 with certificate1 on port 2221
Run sshd2 with certificate2 on port 2222
Connect to localhost, port 2221. The server certificate is added to .ssh/known_hosts
Connect to localhost, port 2222
Ssh reports REMOTE HOST KEY CHANGED

Expected behavior:
Ssh makes a difference between the ssh-server on port 2221, and the one on port 2222.

Known workaround:
Use HostKeyAlias to define an alias for the host on port 2221, and for the host on port 2222.

It would be a lot better if the port number were included in the .ssh/known_hosts as well.
That's odd, because that's been there for a while. What exact version are you using (i.e. what does ssh -V say?)

Using a server with a different key on port 2222 on "myserver" with a 5.0p1 client, I get:

$ ssh -o userknownhostsfile=/tmp/known myserver
The authenticity of host '[myserver]:2222 ([192.168.32.1]:2222)' can't be established.
[...]

and /tmp/known contains:

[myserver]:2222,[192.168.32.1]:2222 ssh-rsa AAAAB3Nz[...]

Be aware that using the default port does not add a port number, and if a matching host key is found without a port then it is used even if you're connecting on a nonstandard port (this is for backward compatibility).
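The lookup described in the comment above, as an added example (not OpenSSH's own code and not part of the original thread): a simplified model of port-aware known_hosts matching, including the fallback to a portless entry. The function names, the "ok"/"changed"/"new" results and the KEY-* strings are constructed for illustration; hashed entries and wildcard patterns are not handled.

```python
DEFAULT_PORT = 22

def host_token(host, port=DEFAULT_PORT):
    """Name a host is stored under: bare on port 22, [host]:port otherwise."""
    return host if port == DEFAULT_PORT else f"[{host}]:{port}"

def parse_known_hosts(text):
    """Return a list of (host_tokens, keytype, key) for plain-text entries."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments, @markers and hashed (|1|...) host fields.
        if not line or line[0] in "#@|":
            continue
        fields = line.split()
        if len(fields) >= 3:
            entries.append((set(fields[0].split(",")), fields[1], fields[2]))
    return entries

def check_host_key(entries, host, port, keytype, key):
    """Return 'ok', 'changed' or 'new' for the key a server presents."""
    def lookup(token):
        known = [k for hosts, t, k in entries if token in hosts and t == keytype]
        if not known:
            return "new"
        return "ok" if key in known else "changed"

    status = lookup(host_token(host, port))
    if status == "new" and port != DEFAULT_PORT:
        # Backward compatibility described in the thread: a portless entry
        # with a matching key is accepted on a nonstandard port as well.
        if lookup(host) == "ok":
            return "ok"
    return status

# Constructed sample file: one portless entry, one port-specific entry.
SAMPLE = """\
# constructed known_hosts content
myserver,192.168.32.1 ssh-rsa KEY-A
[myserver]:2222,[192.168.32.1]:2222 ssh-rsa KEY-B
"""

if __name__ == "__main__":
    entries = parse_known_hosts(SAMPLE)
    for port, key in [(22, "KEY-A"), (2222, "KEY-B"), (2222, "KEY-A"),
                      (2221, "KEY-A"), (2221, "KEY-C")]:
        print(port, key, check_host_key(entries, "myserver", port, "ssh-rsa", key))
```

The (2221, KEY-A) case is the one to watch: no [myserver]:2221 entry exists, yet the key is accepted because the portless entry matches, so a key trusted for port 22 is implicitly trusted on every other port of that host.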
I did not use the latest version. Terrible apologies for wasting your time!
Mass update RESOLVED->CLOSED after release of openssh-5.1