RE: [suse-security] ssh problem
Hi Yuri
[Machine has two A records]
So now the problem arises: I normally only use the easy-to-remember hostname: it's the one I named the machine with (not even telling it about the other one) and this is therefore also the one that ssh-keygen uses when generating the keys. Unfortunately ssh, scp and sftp resolve the IP-address to the other hostname, and fail to recognize the relevant key in $HOME/.ssh/authorized_keys2 (regardless of which "direction" I go). I assume there is an easy way to solve this, but I haven't found it. Can someone help me out?
Hmm.. I fail to see where the hostname matters in the authorized_keys[2] files, except for the 'from="pattern-list"' parameter, which you don't seem to mean.
The hostname does matter when the server's public key is checked against the known_hosts[2] files, so I assume that is where your problem actually lies. And concerning that, the sshd man page section titled "SSH_KNOWN_HOSTS FILE FORMAT" says:
Each line in these files contains the following fields: hostnames, bits, exponent, modulus, comment. The fields are separated by spaces.
Hostnames is a comma-separated list of patterns ('*' and '?' act as wildcards); each pattern in turn is matched against the canonical host name (when authenticating a client) or against the user-supplied name (when authenticating a server). A pattern may also be preceded by `!' to indicate negation: if the host name matches a negated pattern, it is not accepted (by that line) even if it matched another pattern on the line.
Therefore, all you need to do is add the complicated name to the appropriate entry in the known hosts files. I.e. modify an entry of the form:
hostname 1024 35 1768399887...
to:
hostname,complicated_hostname 1024 35 1768399887...
Does that help you in any way?
Tobias
You could try another approach: I found that I have managed to get two entries for my machine at work in my local file by manually doing:
ssh <IP address>
and then by accident
ssh <host.domain>
Arthur
On Thursday 06 September 2001 08:04, Reckhard, Tobias wrote:
Hi Yuri
[Machine has two A records]
So now the problem arises: I normally only use the easy-to-remember hostname: it's the one I named the machine with (not even telling it about the other one) and this is therefore also the one that ssh-keygen uses when generating the keys. Unfortunately ssh, scp and sftp resolve the IP-address to the other hostname, and fail to recognize the relevant key in $HOME/.ssh/authorized_keys2 (regardless of which "direction" I go). I assume there is an easy way to solve this, but I haven't found it. Can someone help me out?
Hmm.. I fail to see where the hostname matters in the authorized_keys[2] files, except for the 'from="pattern-list"' parameter, which you don't seem to mean.
The hostname does matter when the server's public key is checked against the known_hosts[2] files, so I assume that is where your problem actually lies. And concerning that, the sshd man page section titled "SSH_KNOWN_HOSTS FILE FORMAT" says:
Each line in these files contains the following fields: hostnames, bits, exponent, modulus, comment. The fields are separated by spaces.
Hostnames is a comma-separated list of patterns ('*' and '?' act as wildcards); each pattern in turn is matched against the canonical host name (when authenticating a client) or against the user-supplied name (when authenticating a server). A pattern may also be preceded by `!' to indicate negation: if the host name matches a negated pattern, it is not accepted (by that line) even if it matched another pattern on the line.
Therefore, all you need to do is add the complicated name to the appropriate entry in the known hosts files. I.e. modify an entry of the form:
hostname 1024 35 1768399887...
to:
hostname,complicated_hostname 1024 35 1768399887...
Does that help you in any way?
Tobias
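The matching rule quoted from the man page above, as an added example that is not part of the original thread: a small Python matcher for the hostnames field (comma-separated patterns, '*' and '?' wildcards, '!' negation), applied to a known_hosts entry before and after the second name is added. The host names and key values are constructed placeholders, and comparing names case-insensitively is an assumption.

```python
import re

def _to_regex(pattern):
    # Only '*' and '?' are wildcards; every other character is literal.
    body = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                   for c in pattern)
    # Assumption: host names are compared case-insensitively.
    return re.compile(body + r"\Z", re.IGNORECASE | re.DOTALL)

def host_matches(pattern_list, hostname):
    """True if hostname matches a plain pattern and no negated pattern."""
    matched = False
    for pattern in pattern_list.split(","):
        negated = pattern.startswith("!")
        if negated:
            pattern = pattern[1:]
        if pattern and _to_regex(pattern).match(hostname):
            if negated:
                return False  # a negated match rejects the whole line
            matched = True
    return matched

def parse_line(line):
    """Split a line into hostnames, bits, exponent, modulus, comment."""
    fields = line.split(None, 4)
    if len(fields) < 4:
        raise ValueError("expected: hostnames bits exponent modulus [comment]")
    comment = fields[4] if len(fields) > 4 else ""
    return fields[0], int(fields[1]), int(fields[2]), fields[3], comment

def keys_for(known_hosts_text, hostname):
    """Return (bits, exponent, modulus) of every entry accepted for hostname."""
    hits = []
    for line in known_hosts_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        hostnames, bits, exponent, modulus, _ = parse_line(line)
        if host_matches(hostnames, hostname):
            hits.append((bits, exponent, modulus))
    return hits

# Constructed sample entries; "1111" stands in for a real modulus.
BEFORE = "easyname 1024 35 1111 constructed-key\n"
AFTER = "easyname,complicated.example.net 1024 35 1111 constructed-key\n"

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, keys_for(text, "complicated.example.net"))
```

With the single-name entry the server key is not found under the second name; once both names are listed, the same key is accepted for either.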