Following is the IP and port number configuration - all hosts are running some version of Ubuntu or other
HostA : 192.168.1.200
DockerHostA (running in HostA) : 172.17.0.8
MyLaptop : 192.168.1.201
In the docker specification, I have mapped port 22 (of DockerHostA) to port 9090 (of HostA).
I can connect to HostA by
ssh user@192.168.1.200
this adds an entry into the ~/.ssh/known_hosts file.
I can also connect to the DockerHostA like
ssh -p 9090 user@192.168.1.200
This also adds a second entry in the known_hosts file. After this happens, I can only connect to the DockerHostA and I am unable to ssh into HostA.
ssh user@192.168.1.200
ssh -p 9090 user@192.168.1.200
both of these ssh into DockerHostA.
I can delete the known_hosts file and this allows ssh connection to both hosts exactly once, before the problem happens again.
~/.ssh/known_hosts has two entries
|1|883fTHa....
|1|t89sTmV....
So, my questions are
Question 1:
I will assume you fully understand the purpose of the fingerprint check and what the risks are of automatically acknowledging new fingerprints or treating fingerprint changes as legitimate:
ssh -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" user@192.168.1.200
ssh -p 9090 -o "UserKnownHostsFile=/dev/null" -o "StrictHostKeyChecking=no" user@192.168.1.200
Question 2:
I assume your docker containers are launched on the docker-bridge network. This is a separate subnet that usually defaults to 172.17.0.0/16. By default there is no route from 192.168.0.0/24 to 172.17.0.0/16.
You can basically create any routes and iptables rules you need, but usually you want to let docker manage everything: when you use docker run -p <src>:<dst>, docker automatically creates a forwarding rule from your host:<src> to your container:<dst>.
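For reference on how the two connections above are keyed in ~/.ssh/known_hosts: OpenSSH stores the entry for a default-port connection under the bare host name and the entry for a non-default port under "[host]:port", and hashed entries (the "|1|..." form shown in the question) are "|1|" + base64(salt) + "|" + base64(HMAC-SHA1(salt, name)). The following is an added example, not code from the question or the answer; it parses a constructed known_hosts file with fixed salts and placeholder keys and shows which entry applies to each of the two connections.

```python
import base64
import hashlib
import hmac

# Constructed sample data: fixed salts and placeholder key material so the
# example runs offline. Real known_hosts entries carry real public keys.
SALT_A = bytes(range(20))
SALT_B = bytes(range(20, 40))

def hash_host(name: str, salt: bytes) -> str:
    """Build the OpenSSH hashed-host field: '|1|' + b64(salt) + '|' + b64(HMAC-SHA1(salt, name))."""
    digest = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(digest).decode())

def known_hosts_name(host: str, port: int) -> str:
    """The string ssh looks up: bare host for port 22, '[host]:port' for any other port."""
    return host if port == 22 else "[%s]:%d" % (host, port)

def entry_matches(host_field: str, name: str) -> bool:
    """Match one known_hosts host field (plain, comma-separated, or hashed) against name."""
    if host_field.startswith("|1|"):
        _, _, salt_b64, hash_b64 = host_field.split("|")
        salt = base64.b64decode(salt_b64)
        expected = base64.b64encode(hmac.new(salt, name.encode(), hashlib.sha1).digest()).decode()
        return hmac.compare_digest(expected, hash_b64)
    return name in host_field.split(",")

def find_host_keys(known_hosts: str, host: str, port: int) -> list:
    """Return the key field of every entry that applies to host:port."""
    name = known_hosts_name(host, port)
    found = []
    for line in known_hosts.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 3:
            continue
        if entry_matches(fields[0], name):
            found.append(fields[2])  # placeholder public key material in this sample
    return found

# Constructed file: one entry for HostA on port 22, one for DockerHostA via port 9090.
KNOWN_HOSTS = "\n".join([
    hash_host("192.168.1.200", SALT_A) + " ssh-ed25519 KEY_OF_HOSTA_PLACEHOLDER",
    hash_host("[192.168.1.200]:9090", SALT_B) + " ssh-ed25519 KEY_OF_DOCKERHOSTA_PLACEHOLDER",
])

if __name__ == "__main__":
    for port in (22, 9090):
        print(port, find_host_keys(KNOWN_HOSTS, "192.168.1.200", port))
```

On a real system the same lookup is done with ssh-keygen -F '[192.168.1.200]:9090' (or ssh-keygen -F 192.168.1.200 for the default port), which prints the matching entry without disabling the host key check.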