ssh question

Lisa Kachold lisakachold at obnosis.com
Fri Jun 17 10:03:13 MST 2011 

Hi Larry,

On Fri, Jun 17, 2011 at 2:00 AM, Dazed_75 <lthielster at gmail.com> wrote:

> I tried to ssh from this machine to my laptop (ssh lapdog3) and find that
> ssh is somehow using an old IP instead of doing name resolution on th e name
> lapdog2 which now has a new lease on a different IP.
>

Where did you configure the name to IP address {either}:

dns
/etc/hosts


Sometimes if you are using dyndns or another dynamic dns tool, the ip does
update but it can take a few days to propigate throughout the Internet.

Check your /etc/resolv.conf file and see where you are querying for DNS.

/etc/nsswitch.conf determines if you first query files or dns (and nis which
few use still in linux).  It should say files (for /etc/hosts) first then
dns.

>
> 1) How do I fix this?
>

Check to see if you have a key in $HOME/.ssh/known_hosts for your server
name or IP.

You can cache a key for either or both servername and IP.

You can turn off strict checking in /etc/ssh/sshd_conf  and it won't matter
but it's a security feature so only do this for testing.

Also, please post the exact error you are getting so we can verify what the
problem is?


> 2) Why does ssh use an old, apparently, stored IP?
>

It caches a key for a known host based on strict dns/ip host checking as
part of SSH rfc.  This is all part of key exchange, to waylay IP spoofing
wherein someone could do a MITM attack and pretend to be your server or your
host.

>
> --
> Dazed_75 a.k.a. Larry
>
> The spirit of resistance to government is so valuable on certain occasions,
> that I wish it always to be kept alive.
>   - Thomas Jefferson
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>



-- 
(602) 791-8002  Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
**
HomeSmartInternational.com <http://www.homesmartinternational.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.PLUG.phoenix.az.us/pipermail/plug-discuss/attachments/20110617/200c190d/attachment.html>

More information about the PLUG-discuss mailing list