I ran into an article that addresses a long-standing problem I've had with OpenSSH's known_hosts file: it doesn't store the port for a host, so you can't ssh to different ports behind a router without getting warnings about fingerprint mismatches. The article describes how to access multiple machines at the same host. Below is my workflow.
$ ssh host.example.com

Here I accept the fingerprint. This saves into my standard .ssh/known_hosts file. I log out of the server and ssh back with a new port and a temporary known_hosts file.

$ ssh -o "UserKnownHostsFile kh2" host.example.com -p 2222

I get a different, new fingerprint prompt and also accept it. I log out of the server, then copy this fingerprint to my existing known_hosts file:

$ cat kh2 >> .ssh/known_hosts && rm kh2

I can now ssh to the same host with different ports without warnings about man-in-the-middle attacks.

$ ssh host.example.com
$ ssh host.example.com -p 2222
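
The append step above trusts whatever key was accepted at the prompt. As an added example (not from the original post or the article it mentions), this Python code performs the same merge but skips entries already present and returns the SHA256 fingerprint of each newly added key, so it can be compared with the fingerprint read on the server itself. The function names and the sample keys are constructed for illustration; the host field is treated as opaque text.

```python
import base64
import hashlib
import struct

def fingerprint(key_b64):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse(text):
    """Yield (hosts, keytype, key_b64) per entry; skip blanks, comments and @markers."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0].startswith(("#", "@")):
            continue
        yield fields[0], fields[1], fields[2]

def merge(main_text, temp_text):
    """Append entries of temp_text that main_text lacks.
    Returns (merged_text, added); added holds (hosts, keytype, fingerprint)."""
    seen = set(parse(main_text))
    out = main_text if main_text.endswith("\n") or not main_text else main_text + "\n"
    added = []
    for entry in parse(temp_text):
        if entry in seen:
            continue  # same host field and same key already trusted
        seen.add(entry)
        out += " ".join(entry) + "\n"
        added.append((entry[0], entry[1], fingerprint(entry[2])))
    return out, added

def _blob(keytype, raw):
    """Build a constructed sample key blob (type string + key bytes); not a real host key."""
    t = keytype.encode()
    packed = struct.pack(">I", len(t)) + t + struct.pack(">I", len(raw)) + raw
    return base64.b64encode(packed).decode()

# Constructed sample data: the same hostname seen with two different host keys.
KEY_A = _blob("ssh-ed25519", bytes(range(32)))
KEY_B = _blob("ssh-ed25519", bytes(range(32, 64)))
MAIN = f"host.example.com ssh-ed25519 {KEY_A}\n"   # stands in for .ssh/known_hosts
TEMP = f"host.example.com ssh-ed25519 {KEY_B}\n"   # stands in for kh2

if __name__ == "__main__":
    merged, added = merge(MAIN, TEMP)
    for hosts, keytype, fp in added:
        print(f"new entry: {hosts} {keytype} {fp}")
    print(merged, end="")
```

The fingerprint printed for each new entry is in the same form that ssh-keygen -lf prints for a host's public key file, so the two can be compared directly.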