Mailinglist Archive: opensuse-security (556 mails)

RE: [suse-security] ssh problem
  • From: "Reckhard, Tobias" <Reckhard@xxxxxxxxxx>
  • Date: Thu, 6 Sep 2001 09:04:27 +0200
  • Message-id: <96C102324EF9D411A49500306E06C8D13481C9@xxxxxxxxxxxxxxxxx>
Hi Yuri

[Machine has two A records]

> So now the problem arises: I normally only use the easy-to-remember
> hostname: it's the one I named the machine with (not even telling it about
> the other one) and this is therefore also the one that ssh-keygen uses
> when generating the keys. Unfortunately ssh, scp and sftp resolve the
> IP-address to the other hostname, and fail to recognize the relevant key
> in $HOME/.ssh/authorized_keys2 (regardless of which "direction" I go). I
> assume there is an easy way to solve this, but I haven't found it. Can
> someone help me out?
>
Hmm.. I fail to see where the hostname matters in the authorized_keys[2]
files, except for the 'from="pattern-list"' parameter, which you don't seem
to mean.

The hostname does matter when the server's public key is checked against the
known_hosts[2] files, so I assume that is where your problem actually lies.
And concerning that, the sshd man page section titled "SSH_KNOWN_HOSTS FILE
FORMAT" says:

Each line in these files contains the following fields: hostnames, bits,
exponent, modulus, comment. The fields are separated by spaces.

Hostnames is a comma-separated list of patterns ('*' and '?' act as
wildcards); each pattern in turn is matched against the canonical host name
(when authenticating a client) or against the user-supplied name (when
authenticating a server). A pattern may also be preceded by `!' to
indicate negation: if the host name matches a negated pattern, it is not
accepted (by that line) even if it matched another pattern on the line.

Therefore, all you need to do is add the complicated name to the appropriate
entry in the known hosts files. I.e. modify an entry of the form:

hostname 1024 35 1768399887...

to:

hostname,complicated_hostname 1024 35 1768399887...

Does that help you in any way?

Tobias
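
The matching rule quoted from the man page above, as an added example that is not part of the original message and not OpenSSH's own code: it parses a known_hosts line in the five-field format and applies the comma-separated pattern list with '*', '?' and '!' negation. The modulus value, the comment and the example.org names are constructed, and case-insensitive comparison is an assumption of this sketch.

```python
import re

def pattern_to_regex(pattern):
    # Only '*' and '?' are wildcards; every other character is literal.
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    # Assumption: host names compare case-insensitively.
    return re.compile("".join(parts) + r"\Z", re.IGNORECASE)

def parse_line(line):
    """Split 'hostnames bits exponent modulus [comment]' into fields."""
    fields = line.split(None, 4)
    if len(fields) < 4:
        raise ValueError("expected: hostnames bits exponent modulus [comment]")
    hostnames, bits, exponent, modulus = fields[:4]
    comment = fields[4] if len(fields) > 4 else ""
    return hostnames.split(","), int(bits), int(exponent), int(modulus), comment

def line_accepts(patterns, host):
    """True if host matches a pattern on the line and no negated pattern."""
    matched = False
    for pat in patterns:
        negated = pat.startswith("!")
        if negated:
            pat = pat[1:]
        if pattern_to_regex(pat).match(host):
            if negated:
                return False  # a negated match vetoes the whole line
            matched = True
    return matched

def host_known(line, host):
    return line_accepts(parse_line(line)[0], host)

# Constructed sample lines; the modulus is a placeholder, not a real key.
BEFORE = "hostname 1024 35 123456789 constructed-sample"
AFTER = "hostname,complicated_hostname 1024 35 123456789 constructed-sample"

if __name__ == "__main__":
    for line in (BEFORE, AFTER):
        for name in ("hostname", "complicated_hostname"):
            print(f"{name!r} vs {line.split()[0]!r}: {host_known(line, name)}")
```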

