Ssh – How to make ssh match known_hosts to host/ip:port instead of just host/ip

Tags: known-hosts, ssh

I have two machines behind a firewall, with the ssh ports forwarded to 2201 and 2202.

When I

ssh host -p 2201

it asks if I trust the machine, I say yes, it gets added to ~/.ssh/known_hosts

Then I

ssh host -p 2202

it doesn't let me, because there's already an entry for this IP in ~/.ssh/known_hosts:1 (the file was empty when I started, so line 1 is the one added by the previous ssh run).

This happens on CentOS 5.4.

On other distros (I've tried Arch), it appears that ssh matches the known_hosts to the ports too, so I can have multiple fingerprints for multiple ports on the same host/ip without any problems.

How can I get this same behavior for CentOS?

I couldn't find anything in man ssh_config (or at least not without disabling fingerprint checking).

I've found a temporary solution. If the known_hosts file has more than one entry for the same IP, it will check all of them before concluding something is wrong. But I'd really hate this to be the solution.

Best Answer

The version of OpenSSH that comes with CentOS 5 does not support port numbers in known_hosts. You will need to build and install a newer version if you want this to work.
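To make the difference between the two matching behaviours concrete, here is an added Python model of the known_hosts check; it is not code from the question, the answer, or OpenSSH itself. It assumes the `[host]:port` naming that OpenSSH uses for non-default ports in known_hosts, and the key strings are constructed placeholders rather than real host keys. It replays the question's steps under port-aware and host-only matching, and also shows the cost of the questioner's stop-gap of keeping several entries under the same bare host name: either machine's key is then accepted on either port.

```python
"""Port-aware vs host-only known_hosts matching, modelled in Python.

Assumptions (not from the original page): the "[host]:port" entry name
for non-default ports is the form OpenSSH writes; the key strings below
are constructed placeholders, not real host keys.
"""
from dataclasses import dataclass, field

# Constructed placeholder keys for the two machines behind the firewall.
KEY_2201 = "AAAAB3-placeholder-key-machine-behind-2201"
KEY_2202 = "AAAAB3-placeholder-key-machine-behind-2202"


def entry_name(host, port, port_aware=True):
    """Name a host the way it would appear in known_hosts.

    Port-aware matching uses "[host]:port" for any port other than 22;
    host-only matching (the behaviour the question complains about)
    ignores the port entirely.
    """
    if port_aware and port != 22:
        return f"[{host}]:{port}"
    return host


@dataclass
class KnownHosts:
    # Each entry: (host name as written, key type, key blob)
    entries: list = field(default_factory=list)

    def add(self, host, port, key_type, key, port_aware=True):
        self.entries.append((entry_name(host, port, port_aware), key_type, key))

    def check(self, host, port, key_type, key, port_aware=True):
        """Mimic the three outcomes of a host-key check:
        'new'     - no entry for this name and key type; ssh would prompt
        'ok'      - an entry carrying this exact key exists
        'changed' - entries exist but none carry this key; ssh refuses
        """
        name = entry_name(host, port, port_aware)
        same_name = [e for e in self.entries if e[0] == name and e[1] == key_type]
        if not same_name:
            return "new"
        if any(e[2] == key for e in same_name):
            return "ok"
        return "changed"

    def dump(self):
        return "\n".join(f"{n} {t} {k}" for n, t, k in self.entries)


def parse_known_hosts(text):
    """Parse plain (unhashed) known_hosts lines.

    '#' comments and blank lines are skipped and comma-separated host
    lists are expanded; '@'-marker lines (cert-authority, revoked) are
    out of scope for this model and skipped.
    """
    kh = KnownHosts()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("@"):
            continue
        names, key_type, key = line.split()[:3]
        for name in names.split(","):
            kh.entries.append((name, key_type, key))
    return kh


def scenario(port_aware):
    """Replay the question's steps: connect to 2201, then 2202, then 2201
    again, answering "yes" whenever ssh would prompt. Returns the check
    result at each step plus the resulting file."""
    kh = KnownHosts()
    results = []
    for port, key in ((2201, KEY_2201), (2202, KEY_2202), (2201, KEY_2201)):
        r = kh.check("host", port, "ssh-rsa", key, port_aware)
        results.append(r)
        if r == "new":
            kh.add("host", port, "ssh-rsa", key, port_aware)
    return results, kh


def workaround_accepts_cross_keys():
    """The questioner's stop-gap: two host-only entries for the same name.
    Any matching entry satisfies the check, so the key of one machine is
    also accepted when connecting to the other machine's port."""
    kh = KnownHosts()
    kh.add("host", 2201, "ssh-rsa", KEY_2201, port_aware=False)
    kh.add("host", 2202, "ssh-rsa", KEY_2202, port_aware=False)
    return kh.check("host", 2201, "ssh-rsa", KEY_2202, port_aware=False)


if __name__ == "__main__":
    print("port-aware:", scenario(True)[0])    # ['new', 'new', 'ok']
    print("host-only: ", scenario(False)[0])   # ['new', 'changed', 'ok']
    print(scenario(True)[1].dump())
    print("workaround cross-accepts:", workaround_accepts_cross_keys())  # ok
```

On a client whose OpenSSH writes port-aware entries, the same lookup can be done against the real file with `ssh-keygen -F '[host]:2201'`; an empty result for the bracketed name while a bare `host` line exists is the sign that the entry was recorded without the port.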