[nmglug] cisco 678 nat and ssh to two machines,

Sam Noble sam.noble at comcast.net
Fri May 6 11:36:01 PDT 2005


On Fri, 2005-05-06 at 12:06 -0600, Andres Paglayan wrote:
> Hi Listers,
> I have a cisco 678 and to ssh to one of the linux machines in the lan
> I already added a set nat entry add stanza that forwards all ssh request 
> to one ip in the lan,
> I do ssh {ip address} from outside and get that machine prompt right away.
> but,
> what should I do if I want to connect to either machine A with lan ip 
> 192.168.1.2 or to machine B with lan ip 192.168.1.3
> Thank you,
> Andres

I don't know what the cisco's nat configuration is like but the way I'd
do this is assign some other external port than 22 (I like to use 23 as
I'm pretty unlikely to be using telnet) to forward to the other ip's
port 22.
The problem with this is when you connect the machines have the same
external IP but different ssh keys so you get man-in-the-middle warnings
or errors (depending on the StrictHostKeyChecking line
in /etc/ssh/ssh_config of the client). It seems like if you carefully
edit the ~/.ssh/known_hosts you can get it so it won't complain, but I
just put 'StrictHostKeyChecking no' and ignore the warnings (shrug).
Also it's a pain to have to use the port number in the ssh command so
add stanzas in ~/.ssh/config like this:

Host MachineA
Hostname <externalIP>

Host MachineB
Hostname <externalIP>
Port = 23

This cuts 

$ ssh -p 23 <externalIP>

down to

$ ssh MachineB

Ok so that's not much typing savings, but if you have to log into those
boxes with a different username or XForward settings you can put that in
the stanza too and then it saves even more typing:

Host MachineA
Hostname <externalIP>
user andres

Host MachineB
Hostname <externalIP>
Port 23
user admin
ForwardX11 yes

replaces

$ ssh -p 23 -X admin@<externalIP>

with again

$ ssh MachineB

:)
-- 
GPG key F343E5FC (fingerprint:DF37 93BC AFEC 0A6A CC08  4A95 3790 8B4C
F343 E5FC)
available at: http://sam.noble.home.comcast.net/sams_publickey.gpg.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://lists.nmglug.org/pipermail/nmglug-nmglug.org/attachments/20050506/001fc992/attachment.pgp>
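
Added example, not part of the original post: a small Python audit of an ssh client config that computes the name each Host stanza is looked up under in known_hosts, assuming a current OpenSSH client (non-default ports recorded as [host]:port, HostKeyAlias overriding the name), and lists stanzas that set 'StrictHostKeyChecking no'. The sample config, the 203.0.113.10 address standing in for <externalIP>, the MachineC stanza and the function names are constructed for illustration; wildcard Host patterns and Match blocks are not handled.

```python
import re
from collections import defaultdict

# Constructed sample; 203.0.113.10 (documentation range) stands in for <externalIP>.
SAMPLE = """\
Host MachineA
Hostname 203.0.113.10
StrictHostKeyChecking no
Host MachineB
Hostname 203.0.113.10
Port = 23
Host MachineC
Hostname 203.0.113.10
Port 2222
HostKeyAlias machinec.lan
"""

def parse(text):
    """Simplified ssh_config reader: one dict per Host block, first value wins."""
    hosts = []
    for line in text.splitlines():
        # Keyword and value are separated by whitespace or a single '='.
        parts = re.split(r"\s*=\s*|\s+", line.strip(), maxsplit=1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue  # blank line, comment, or keyword without a value
        key, val = parts[0].lower(), parts[1].strip()
        if key == "host":
            hosts.append({"host": val})
        elif hosts:
            hosts[-1].setdefault(key, val)
    return hosts

def known_hosts_name(h):
    """Name the client looks up in known_hosts for this stanza."""
    if "hostkeyalias" in h:
        return h["hostkeyalias"].lower()
    name, port = h.get("hostname", h["host"]), int(h.get("port", 22))
    return name if port == 22 else f"[{name}]:{port}"

def audit(text):
    """Return ({lookup name: [Host aliases]}, [aliases with checking off])."""
    names, unchecked = defaultdict(list), []
    for h in parse(text):
        names[known_hosts_name(h)].append(h["host"])
        if h.get("stricthostkeychecking", "").lower() == "no":
            unchecked.append(h["host"])
    return dict(names), unchecked
```

Stanzas that end up with distinct lookup names keep separate known_hosts entries behind one external IP, so host key checking can stay enabled for them; a lookup name shared by two stanzas marks the pair that would trigger the changed-key warning.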

