Same IP on many systems in different environments
I work in an environment where there are multiple locations, and in each location we have the same IP addressing scheme, that is, we have many machines (one in each location) that share the same IP address (the hostnames are different though). Naturally, there is no communication between these locations, and also no DNS. I connect to each location in turn, by opening VPN tunnels. My workstation is Linux.
I am trying to develop a system to allow me to work as safely as possible in this environment. I would like to use hostnames instead of IP addresses directly, as we have an easy-to-remember naming convention. The problems I have encountered so far are: 1) logging in by mistake to a different machine, because a tunnel was open to the wrong location, and 2) ssh having a different host with the same IP but a different hostname in known_hosts, and refusing to connect.
So far, I am thinking of creating a different /etc/hosts and ~/.ssh/known_hosts file for each location (e.g. /etc/hosts.location1), and using a location switching script to automatically switch between these files by copying the version customized for my target location over the default file (e.g. cp /etc/hosts.location1 /etc/hosts). Ideally, this script will eventually be integrated with the software that I use to open VPNs to the different locations.
My question is: is there a better way to do this? Is there any functionality in ssh or the linux name resolution that I'm missing out on?
Many thanks.
Edit: this is a production environment, and I am looking for a workstation solution to this problem.
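The file-switching approach sketched in the question, written out as an added example (this is not the poster's script). It keeps a hosts/known_hosts pair per location, refuses to switch unless both files exist (so ssh never silently falls back to trust-on-first-use for a site whose keys you have not recorded), and records which location is current so the prompt or VPN tooling can show it. `LOC_ROOT` and `LOC_HOME` are hypothetical prefixes added so the functions can be exercised on a scratch directory instead of the real `/etc` and home directory; with both unset it operates on the real files.

```shell
#!/bin/sh
# switch-location: swap /etc/hosts and ~/.ssh/known_hosts for the target site.
# Expected layout (one pair per location):
#   /etc/hosts.location1   ~/.ssh/known_hosts.location1
#   /etc/hosts.location2   ~/.ssh/known_hosts.location2
#
# LOC_ROOT / LOC_HOME are hypothetical prefixes (default: "" and $HOME) so the
# functions can be tested on a scratch tree without touching the workstation.
set -eu

: "${LOC_ROOT:=}"
: "${LOC_HOME:=${HOME:-}}"

# Print the location recorded by the last successful switch, or "none".
current_location() {
    cat "$LOC_HOME/.current_location" 2>/dev/null || echo none
}

# Switch to the named location. Changes nothing unless both per-location
# files exist: copying a hosts file without its matching known_hosts would
# leave ssh asking "are you sure?" for every host at the new site, which is
# exactly the wrong-site login the question wants to prevent.
switch_location() {
    loc="$1"
    case "$loc" in
        ""|*/*|*..*)
            echo "switch_location: bad location name '$loc'" >&2
            return 1 ;;
    esac
    hosts_src="$LOC_ROOT/etc/hosts.$loc"
    known_src="$LOC_HOME/.ssh/known_hosts.$loc"
    if [ ! -f "$hosts_src" ] || [ ! -f "$known_src" ]; then
        echo "switch_location: no hosts/known_hosts pair for '$loc'" >&2
        return 1
    fi
    cp "$hosts_src" "$LOC_ROOT/etc/hosts"
    cp "$known_src" "$LOC_HOME/.ssh/known_hosts"
    chmod 600 "$LOC_HOME/.ssh/known_hosts"   # keep the key database private
    echo "$loc" > "$LOC_HOME/.current_location"
}

# Usage: switch-location location1   (needs root, or sudo, to write /etc/hosts)
if [ $# -gt 0 ]; then
    switch_location "$1"
    echo "now at $(current_location)"
fi
```

Because the script records the current location in a file, a shell prompt or the VPN client's connect hook can read it back with `current_location` and warn when the tunnel being opened does not match the files in place. Changes made with `ssh-keyscan` or accepted interactively while a location is active land in the shared `~/.ssh/known_hosts` and must be copied back into that location's `known_hosts.<location>` file, or they are lost on the next switch.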
You mention that you VPN to each site. Could each site have a DNS server (or two) which have their own site domain (site1.mycorp.com, site2.mycorp.com) and use something like Bind views (http://www.zytrax.com/books/dns/ch7/view.html) to provide IP addresses to named hosts to VPN networks?
This way, you could give each host in every site a unique FQDN (barney.site1.mycorp.com and rubble.site2.mycorp.com) and these hosts will only resolve properly when you are VPNed to the correct site and that Bind view responds. In each site, barney.site1.mycorp.com and rubble.site2.mycorp.com could potentially have the same IP address. But they wouldn't resolve externally or if you were connected to the wrong VPN.
This isn't so much a "workstation" solution. But if you have the ability to add nodes (VMs or physical hosts) to each site (which don't necessarily need to be part of production), then this could be a solution. If you already have production DNS that you are comfortable modifying, then you might already be able to leverage views and naming that is present.