From: techz <te...@10...> - 2004-04-29 20:59:58

I am asking here because this is the list most likely to have the answer that I am currently a member of.

I am trying to do something a bit more complex than this, but I will simplify because I am confident that if I solve the simpler case, I will have no problem with the more difficult case.

So, here is the setup.

Shorewall box with 2 interfaces, public and loc.
2 linux boxes sitting in loc and each running sshd.

I want to be able to ssh into either box in loc, or the shorewall box which is also running sshd.

DNAT net loc:192.168.10.22:22 tcp 2022
DNAT net loc:192.168.10.23:22 tcp 2023

Here is the problem. Let's say I have already ssh'd into the shorewall box. When I try to ssh into one of the other boxes, my ssh client complains about a man in the middle attack and aborts. If I delete the shorewall box's info from the known_hosts file then I can reach another box.

Does anyone know of a clean and safe way to do what I want that does not entail constantly editing the known_hosts file on the outside box running the ssh client?

all the best,

drew
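
An added example, not part of the original post: one client-side way to keep a separate known_hosts record for each forwarded port is OpenSSH's HostKeyAlias option in the outside client's ~/.ssh/config. The name firewall.example.net and the aliases fw, box22 and box23 are assumptions made for illustration; ports 2022 and 2023 come from the DNAT rules in the post.

```sshconfig
# ~/.ssh/config on the outside machine running the ssh client.
# Added example. firewall.example.net is a placeholder for the Shorewall
# box's public name or address; fw, box22 and box23 are made-up aliases.

# The Shorewall box itself, sshd on the default port.
Host fw
    HostName firewall.example.net
    Port 22
    HostKeyAlias fw

# Reached through: DNAT net loc:192.168.10.22:22 tcp 2022
Host box22
    HostName firewall.example.net
    Port 2022
    HostKeyAlias box22

# Reached through: DNAT net loc:192.168.10.23:22 tcp 2023
Host box23
    HostName firewall.example.net
    Port 2023
    HostKeyAlias box23

# All three entries connect to the same public address, so a host key
# recorded against that address would match only one of them. Key the
# check on the alias alone; host key verification itself stays enabled.
Host fw box22 box23
    CheckHostIP no
```

With this in place, `ssh box22` checks the server's key against the known_hosts entry stored under the alias box22 instead of the firewall's name, so each of the three machines keeps its own verified key and nothing has to be deleted between connections.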