Tavve zoneranger User Manual page 101

Note that dedicated ports can be used only to access a ZoneRanger text interface. Dedicated ports
cannot be used to access other managed devices. A significant disadvantage of SSH proxy using
dedicated Ranger Gateway ports is that the same destination address (the Ranger Gateway's host
name or IP address) can be used to establish SSH sessions with different ZoneRangers, which
typically confuses SSH clients that are configured to verify host keys. When an SSH client is
configured to verify host keys, it typically maintains a table that associates host addresses with their
corresponding SSH host keys. Assuming you have not already used SSH to access the Ranger
Gateway itself, the first time you access a ZoneRanger using a Ranger Gateway dedicated port, an
entry is created associating the Ranger Gateway address with the ZoneRanger host key. If you then
try to access a different ZoneRanger, the SSH client will notice that the new ZoneRanger host key
does not match the saved value, and might conclude that the new ZoneRanger is masquerading as
the old one.
The only solutions to this problem are to configure the SSH client to ignore this condition or to use
a different form of SSH proxy access. Note that host keys are used to protect against
man-in-the-middle attacks, so before deciding to disable or relax host key verification, you will need
to ensure that your company's security requirements will not be compromised.
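The host key table described above can be modelled in a few lines. The following is an added example, not code from the ZoneRanger guide or from Tavve: it replays the same four sessions against a table keyed by address only and against one keyed by address and port, showing that the address-only table cannot tell a second ZoneRanger from a genuinely changed key. The gateway name, port numbers and key strings are constructed placeholders.

```python
# Added example: a trust-on-first-use host key table, looked up two ways.
# Gateway name, ports and key strings are constructed placeholders.
GATEWAY = "gateway.example.net"
KEY_A, KEY_B, KEY_X = "KEY-ZONERANGER-A", "KEY-ZONERANGER-B", "KEY-UNEXPECTED"

def entry_name(host, port, by_port):
    """Name a key is filed under. The known_hosts file format used by
    OpenSSH writes non-default ports as "[host]:port"; the address-only
    client the manual describes ignores the port."""
    return f"[{host}]:{port}" if by_port and port != 22 else host

def parse_known_hosts(text):
    """Parse plain known_hosts lines into {name: (key_type, key)}.
    Simplification: one key per name; hashed names and @markers skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#|@":
            continue
        for name in fields[0].split(","):
            table[name] = (fields[1], fields[2])
    return table

def check(table, host, port, key_type, key, by_port):
    """Return "new", "ok" or "mismatch". A new key is learned; a
    mismatching key never overwrites the stored one."""
    name = entry_name(host, port, by_port)
    if name not in table:
        table[name] = (key_type, key)
        return "new"
    return "ok" if table[name] == (key_type, key) else "mismatch"

def replay(by_port, known_hosts_text=""):
    """Connect to ZoneRanger A, then B, then A again, then to B's port
    when it presents an unexpected key (a genuine key change)."""
    table = parse_known_hosts(known_hosts_text)
    sessions = [(4001, KEY_A), (4002, KEY_B), (4001, KEY_A), (4002, KEY_X)]
    return [check(table, GATEWAY, port, "ssh-ed25519", key, by_port)
            for port, key in sessions]

if __name__ == "__main__":
    print("address only:", replay(by_port=False))
    print("address+port:", replay(by_port=True))
```

In the address-only run the second and fourth sessions both report a mismatch, so the routine warning for a different ZoneRanger looks identical to the warning for an unexpected key.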
ZoneRanger 5.5 User's Guide