Same IP on many systems in different environments

ssh hosts linux known-hosts hostname

I work in an environment where there are multiple locations, and in each locations we have the same IP addressing scheme, that is, we have many machines (one in each location) that share the same IP address (the hostnames are different though). Naturally, there is no communication between these locations, and also no DNS. I connect to each location in turn, by opening VPN tunnels. My workstation is Linux.

I am trying to develop a system to allow me to work as safely as possible in this environment. I would like to use hostnames instead of IP addresses directly, as we have an easy-to-remember naming convention. The problems I have encountered so far are: 1) logging in by mistake to a different machine, because a tunnel was open to the wrong location, and 2) ssh having a different host with the same IP but a different hostname in known_hosts, and refusing to connect.

So far, I am thinking of creating a different /etc/hosts and ~/.ssh/known_hosts file for each location (e.g. /etc/hosts.location1), and using a location switching script to automatically switch between these files by copying the version customized for my target location over the default file (e.g. cp /etc/hosts.location1 /etc/hosts). Ideally, this script will eventually be integrated with the software that I use to open VPNs to the different locations.

My question is: is there a better way to do this? Is there any functionality in ssh or the linux name resolution that I'm missing out on?

Many thanks.

Edit: this is a production environment, and I am looking for a workstation solution to this problem.


You mention that you VPN to each site. Could each site have a DNS server (or two) which have their own site domain (site1.mycorp.com, site2.mycorp.com) and use something like Bind views (http://www.zytrax.com/books/dns/ch7/view.html) to provide IP addresses to named hosts to VPN networks?

This way, you could give each host in every site a unique FQDN (barney.site1.mycorp.com and rubble.site2.mycorp.com) and these hosts will only resolve properly when you are VPNed to the correct site and that Bind view responds. In each site, barney.site1.mycorp.com and rubble.site2.mycorp.com could potentially have the same IP address. But they wouldn't resolve externally or if you were connected to the wrong VPN.

This isn't so a much a "workstation" solution. But if you have the ability to add nodes (VMs or physical hosts) to each site (which don't necessarily need to be part of production), then this could be a solution. If you already have production DNS that you are comfortable modifying, then you might already be able to leverage views and naming that is present.

Related

Can I charge a 4th gen iPod touch with the Galaxy tab's charger?
Is there a way to sleep your mac through iPhone/iPad?
How do I add a new route to the PATH variable?
How can I make ⌘H send an app to the back of the ⌘Tab stack on Lion? [duplicate]
How can I change a file's creator code on vanilla Snow Leooard?
Display a pixel-for-pixel copy of a Mac-created Keynote presentation on iPad
Why can't my MacBook Air run Software Update?
What is the meaning of Wired Memory in OS X? [duplicate]
How can I get photos from my DSLR (with a CF card) to my iPad wirelessly?
What applications do a good job of using the iPad's retina display for stock data?
How to disable iChat's popup "You are not connected to the internet"?
How do I remove the hostname from the bash prompt in Terminal? [duplicate]