When connecting to multiple Windows PCs using SSH port forwarding, you might see:
The host key for localhost has changed @ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @ IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY! Someone could be eavesdropping on you right now (man-in-the-middle attack)! It is also possible that a host key has just been changed.
While you must consider the security implications of this option for yourself, you can include the
option in the xfreerdp command to bypass this error message.
Since your SSH connection should be already checked for man in the middle, it seems that unless your Windows PC is already hacked, the man-in-the-middle check may be somewhat less likely to be needed–but you must make this evaluation yourself.
example freerdp script
Assume our windows PC public IPv4 address is 126.96.36.199, with a Cygwin OpenSSH server running on port 22, with port 3389 blocked by the Windows firewall, and windows username
#!/bin/sh ssh -f -p 22 -L 3389:localhost:3389 [email protected] sleep 1; xfreerdp /cert-ignore /u:joe /v:localhost:3389
Whatever your use case, the
/cert-ignore is what’s important in the xfreerdp command.