shell ssh over a ssh tunnel

19/09/2006, 14h54

hello

i have a ssh tunnel available between internet/intranet network. but i
can not login the gateway. only forward is available.
how can i open a shell on a sshd server inside intranet throw the ssh
gateway.

ssh -N -L 22:sshd_intranet:22 sshd_gateway
it do not work, ssh localhost returns:
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the RSA host key has just been changed.
The fingerprint for the RSA key sent by the remote host is

thanks

19/09/2006, 15h24

Sylvain Ferriol wrote:
> hello
>
> i have a ssh tunnel available between internet/intranet network. but i
> can not login the gateway. only forward is available.
> how can i open a shell on a sshd server inside intranet throw the ssh
> gateway.
>
> ssh -N -L 22:sshd_intranet:22 sshd_gateway
> it do not work, ssh localhost returns:
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
> IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
> Someone could be eavesdropping on you right now (man-in-the-middle attack)!
> It is also possible that the RSA host key has just been changed.
> The fingerprint for the RSA key sent by the remote host is

Remove the line starting with the remote hostname from your local
$HOME/.ssh/known_hosts.

19/09/2006, 15h25

Steven Mocking wrote:
> Remove the line starting with the remote hostname from your local
> $HOME/.ssh/known_hosts.

Forgot to mention: don't do this if you're using a private key for logins.

19/09/2006, 15h48

>>>>> "SM" == Steven Mocking <mocking@textkernel.getridofthispart.nl> writes:

SM> Steven Mocking wrote:
>> Remove the line starting with the remote hostname from your local
>> $HOME/.ssh/known_hosts.

SM> Forgot to mention: don't do this if you're using a private key for
SM> logins.

Why?

--
Richard Silverman
res@qoxp.net

19/09/2006, 15h52

Richard E. Silverman a écrit :
>>>>>>"SM" == Steven Mocking <mocking@textkernel.getridofthispart.nl> writes:
>
>
> SM> Steven Mocking wrote:
> >> Remove the line starting with the remote hostname from your local
> >> $HOME/.ssh/known_hosts.
>
> SM> Forgot to mention: don't do this if you're using a private key for
> SM> logins.
>
> Why?
>
i notice that i have to remove localhost line in .ssh/known_hosts, not
remote hostname

19/09/2006, 16h18

Richard E. Silverman wrote:
>>>>>> "SM" == Steven Mocking <mocking@textkernel.getridofthispart.nl> writes:
>
> SM> Steven Mocking wrote:
> >> Remove the line starting with the remote hostname from your local
> >> $HOME/.ssh/known_hosts.
>
> SM> Forgot to mention: don't do this if you're using a private key for
> SM> logins.
>
> Why?

More precisely: if you have your private key pasted into the known_hosts
line, which is insecure, but surprisingly common.

26/11/2006, 13h06

On 2006-09-19, Sylvain Ferriol <sferriol@imag.fr> wrote:
> i have a ssh tunnel available between internet/intranet network. but i
> can not login the gateway. only forward is available.
> how can i open a shell on a sshd server inside intranet throw the ssh
> gateway.
>
> ssh -N -L 22:sshd_intranet:22 sshd_gateway
> it do not work, ssh localhost returns:
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
> @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
> @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@

You have a preexisting entry for localhost in the known_hosts file.

Try:
ssh -o HostKeyAlias=sshd_intranet localhost

If it works then put a host entry for it into your ~/.ssh/config file, eg

Host sshd_intranet
Hostname localhost
HostKeyAlias sshd_intranet
CheckHostIP no

Failing that you could check out the NoHostAuthenticationForLocalhost
option in ssh_config(5), but HostKeyAlias is the better solution.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

19/09/2006, 14h54	#1
Sylvain Ferriol Messages: n/a Hébergeur:	shell ssh over a ssh tunnel hello i have a ssh tunnel available between internet/intranet network. but i can not login the gateway. only forward is available. how can i open a shell on a sshd server inside intranet throw the ssh gateway. ssh -N -L 22:sshd_intranet:22 sshd_gateway it do not work, ssh localhost returns: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that the RSA host key has just been changed. The fingerprint for the RSA key sent by the remote host is thanks

19/09/2006, 15h24	#2
Steven Mocking Messages: n/a Hébergeur:	Re: shell ssh over a ssh tunnel Sylvain Ferriol wrote: > hello > > i have a ssh tunnel available between internet/intranet network. but i > can not login the gateway. only forward is available. > how can i open a shell on a sshd server inside intranet throw the ssh > gateway. > > ssh -N -L 22:sshd_intranet:22 sshd_gateway > it do not work, ssh localhost returns: > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ > IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! > Someone could be eavesdropping on you right now (man-in-the-middle attack)! > It is also possible that the RSA host key has just been changed. > The fingerprint for the RSA key sent by the remote host is Remove the line starting with the remote hostname from your local $HOME/.ssh/known_hosts.

19/09/2006, 15h25	#3
Steven Mocking Messages: n/a Hébergeur:	Re: shell ssh over a ssh tunnel Steven Mocking wrote: > Remove the line starting with the remote hostname from your local > $HOME/.ssh/known_hosts. Forgot to mention: don't do this if you're using a private key for logins.

19/09/2006, 15h48	#4
Richard E. Silverman Messages: n/a Hébergeur:	Re: shell ssh over a ssh tunnel >>>>> "SM" == Steven Mocking <mocking@textkernel.getridofthispart.nl> writes: SM> Steven Mocking wrote: >> Remove the line starting with the remote hostname from your local >> $HOME/.ssh/known_hosts. SM> Forgot to mention: don't do this if you're using a private key for SM> logins. Why? -- Richard Silverman res@qoxp.net

19/09/2006, 15h52	#5
Sylvain Ferriol Messages: n/a Hébergeur:	Re: shell ssh over a ssh tunnel Richard E. Silverman a écrit : >>>>>>"SM" == Steven Mocking <mocking@textkernel.getridofthispart.nl> writes: > > > SM> Steven Mocking wrote: > >> Remove the line starting with the remote hostname from your local > >> $HOME/.ssh/known_hosts. > > SM> Forgot to mention: don't do this if you're using a private key for > SM> logins. > > Why? > i notice that i have to remove localhost line in .ssh/known_hosts, not remote hostname

19/09/2006, 16h18	#6
Steven Mocking Messages: n/a Hébergeur:	Re: shell ssh over a ssh tunnel Richard E. Silverman wrote: >>>>>> "SM" == Steven Mocking <mocking@textkernel.getridofthispart.nl> writes: > > SM> Steven Mocking wrote: > >> Remove the line starting with the remote hostname from your local > >> $HOME/.ssh/known_hosts. > > SM> Forgot to mention: don't do this if you're using a private key for > SM> logins. > > Why? More precisely: if you have your private key pasted into the known_hosts line, which is insecure, but surprisingly common.

26/11/2006, 13h06	#7
Darren Tucker Messages: n/a Hébergeur:	Re: shell ssh over a ssh tunnel On 2006-09-19, Sylvain Ferriol <sferriol@imag.fr> wrote: > i have a ssh tunnel available between internet/intranet network. but i > can not login the gateway. only forward is available. > how can i open a shell on a sshd server inside intranet throw the ssh > gateway. > > ssh -N -L 22:sshd_intranet:22 sshd_gateway > it do not work, ssh localhost returns: > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ > @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@ You have a preexisting entry for localhost in the known_hosts file. Try: ssh -o HostKeyAlias=sshd_intranet localhost If it works then put a host entry for it into your ~/.ssh/config file, eg Host sshd_intranet Hostname localhost HostKeyAlias sshd_intranet CheckHostIP no Failing that you could check out the NoHostAuthenticationForLocalhost option in ssh_config(5), but HostKeyAlias is the better solution. -- Darren Tucker (dtucker at zip.com.au) GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email