Hi People,

I am setting up some systems with ssh public keys and as part of this I am using the from directive inside .ssh/authorized_keys. Currently I am using the IP address to control the source, e.g. from="10.0.0.1", but on one CentOS 4 system that is up to date this will only work if I replace the IP with the DNS name of the server. I have verified that DNS is resolving the DNS name to the correct IP address on the server in question and all seems to be fine.

Aside from this CentOS box I have only been able to test this out on some old FC6 machines, and they behave as I expected. Anyone got any ideas why this might be happening? I have compared the sshd config between the FC6 machines and the CentOS box and can't spot anything that would explain the issue.

Thanks for any ideas, and have a nice day :)

Clint Dilks wrote:
> Hi People
>
> I am setting up some systems with ssh public keys and as part of this I
> am using the from directive inside .ssh/authorized_keys. Currently I am
> using the IP address to control the source. eg from="10.0.0.1" but on
> one CentOS 4 System that is up to date this will only work if I replace
> the IP with the DNS name of the server. I have verified that DNS is
> resolving the DNS Name to the correct IP address on the server in
> question and all seems to be fine.

Just grasping at straws, but does the reverse DNS zone resolve to the correct DNS name? For example, if the DNS entry "bob.example.com" translates to 10.0.0.1, does 10.0.0.1 resolve to "bob.example.com"?

--
Jay Leafey - Memphis, TN
jay.leafey at mindless.com

Jay Leafey wrote:
> Clint Dilks wrote:
>> Hi People
>>
>> I am setting up some systems with ssh public keys and as part of this
>> I am using the from directive inside .ssh/authorized_keys. Currently
>> I am using the IP address to control the source. eg from="10.0.0.1"
>> but on one CentOS 4 System that is up to date this will only work if
>> I replace the IP with the DNS name of the server. I have verified
>> that DNS is resolving the DNS Name to the correct IP address on the
>> server in question and all seems to be fine.
>
> Just grasping at straws, but does the reverse DNS zone resolve to the
> correct DNS name? For example, if the DNS entry "bob.example.com"
> translates to 10.0.0.1, does 10.0.0.1 resolve to "bob.example.com"?

Hi Jay :)

That was what I was trying to say with "I have verified that DNS is resolving the DNS Name to the correct IP address on the server in question and all seems to be fine."

So yes, I believe this is correct.

You could start the ssh server on that machine with -vvv to get detailed, verbose logging. That does not always lead to entries making clear what happens, but to entries you can use for googling (or asking here).

I would also have a look at DNS - compare forward and reverse lookups (are they the same for the "from=..." entry?), does that Centos4-Box reach the DNS RELIABLY etc. SSH lays much emphasis on a working DNS.

Dirk

--On 11. August 2008 15:50:38 +1200 Clint Dilks <clintd at scms.waikato.ac.nz> wrote:
> Hi People
>
> I am setting up some systems with ssh public keys and as part of this I
> am using the from directive inside .ssh/authorized_keys. Currently I am
> using the IP address to control the source. eg from="10.0.0.1" but on
> one CentOS 4 System that is up to date this will only work if I replace
> the IP with the DNS name of the server. I have verified that DNS is
> resolving the DNS Name to the correct IP address on the server in
> question and all seems to be fine.
> Aside from this CentOS Box have only been able to test this out on some
> old FC6 Machines
> and they behave as I expected. Anyone got any ideas why this might be
> happening ? I have compared the sshd config between the FC6 Machines and
> the CentOS Box and can't spot anything that would explain the issue.
>
> Thanks for any ideas, and have a nice day :)

--------------------------------------------------------------
Dirk H. Schulz IT Systems Service
Wiesenweg 12, 85567 Grafing
Tel. 0 80 92/86 25 68
Fax. 0 80 92/86 25 72
--------------------------------------------------------------
Top-quality technology - and the necessary tuning
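
The check suggested in the replies above (compare forward and reverse lookups against the from= entry), as an added example that is not part of the original thread. It is a simplified model of from= pattern matching, not sshd's own code; the function names, the lookup tables and the key line are constructed for illustration.

```python
import re
import socket

def from_patterns(key_line):
    """Extract the comma-separated from="..." pattern list of one authorized_keys line."""
    m = re.search(r'(?:^|,)from="([^"]*)"', key_line.strip())
    return [p.strip() for p in m.group(1).split(",")] if m else []

def match_list(value, patterns):
    """1 = positive match, 0 = no match, -1 = value hit a negated (!) pattern."""
    hit = 0
    for pat in patterns:
        neg, body = pat.startswith("!"), pat.lstrip("!")
        rx = re.escape(body).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, value, re.IGNORECASE):
            if neg:
                return -1
            hit = 1
    return hit

def confirmed_name(ip, reverse, forward):
    """Reverse-resolve ip; keep the name only if it resolves forward to ip again."""
    try:
        name = reverse(ip)
        return name if ip in forward(name) else None
    except (OSError, LookupError):
        return None

def dns_reverse(ip):  # real lookups, for running the check on the server itself
    return socket.gethostbyaddr(ip)[0]

def dns_forward(name):
    return socket.gethostbyname_ex(name)[2]

def check(key_line, ip, reverse=dns_reverse, forward=dns_forward):
    """Report what the from= list matches for a client connecting from ip."""
    pats = from_patterns(key_line)
    name = confirmed_name(ip, reverse, forward)
    by_ip = match_list(ip, pats)
    by_name = match_list(name, pats) if name else 0
    allowed = -1 not in (by_ip, by_name) and 1 in (by_ip, by_name)
    return {"name": name, "by_ip": by_ip == 1, "by_name": by_name == 1, "allowed": allowed}

# Constructed sample data, using the example name and address from the thread.
PTR = {"10.0.0.1": "bob.example.com"}
A = {"bob.example.com": ["10.0.0.1"]}
KEY = 'from="bob.example.com" ssh-rsa AAAAB3Nza...constructed bob@client'

if __name__ == "__main__":
    print(check(KEY, "10.0.0.1", PTR.__getitem__, A.__getitem__))
```

Called without the last two arguments, check() uses the resolver of the machine it runs on, so running it on the affected server shows what that server sees for the client address.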