ssh confusion

Lisa Kachold lisakachold at obnosis.com
Sat Dec 1 17:59:14 MST 2012


Hi Larry,


On Fri, Nov 30, 2012 at 8:56 PM, Dazed_75 <lthielster at gmail.com> wrote:

>
>
> On Fri, Nov 30, 2012 at 5:29 PM, der.hans <PLUGd at lufthans.com> wrote:
>
>> On Nov 30, 2012, Dazed_75 chattered thus:
>>
>> moin moin,
>>
>>
>>  Interesting.  I deleted entry 8 and then ssh'd to lapdog0 with no
>>> complaint.  Logged out, rebooted that machine to Mint and then ssh'd into
>>> lapdog1 and that complained about the new entry 23 for lapdog0.
>>>
>>
>> Yeah, line 8 was probably your old entry for lapdog2.
>
>
> Yes, I said so in the first post.
>
>>
>>
>>  It appears that ssh will make an entry in known_hosts for each IP and
>>> something (host name, kernel, tennis ball) combination, but only
>>> complains
>>> about the 1st mis-match it finds.  Whatever the "something" is is not
>>> clear
>>> as I got no complaint after deleting entry 8 (from the lapdog2 days) and
>>> sshing in to lapdog0.  Puzzling.
>>>
>>
>> It tracks hostname and IP combinations and warns you if the IP has another
>> entry. Presuming both lapdog0 and lapdog1 are properly in known_hosts I'd
>> think the warning would go away.
>>
>
> no, it does not.  I did describe the circumstances though I tend to use
> more words than many folks do.  As I said, since both lapdog0 and lapdog1
> are the same machine (with the same mac address) just booted into different
> OSes they both get the same IP from DHCP.   That seems to land two entries
> for the same IP in known_hosts and that seems to make ssh complain.
>
>>
>> Does ssh -v explain it?
>>
>
> I did not think to try that and it is too late as I am re-installing that
> machine to test out a couple of things.
>
> Thanks for the feedback guys!
>
>>
>> ciao,
>>
>> der.hans
>> --
>>
>
Sorry this is so late.

But you can do any of the following:

a) Clone the connection for both machines:

1) Use the same key for both machines.

ssh-keygen  then copy that key to your second machine.

2) set your MAC address as the same number in your network device
configuration.


b) Disable Strict Error Checking

Turn off strict error checking in /etc/ssh/sshd_config on both machines.

While this can be an ssh security risk and is therefore not indicated on most
networks for which you are maintaining this solution, if you have
buttoned down your network and actually read your logs, it should be safe.
Alternately you can also seru==dd

http://en.wikipedia.org/wiki/Port_knocking

>
> --
> Dazed_75 a.k.a. Larry
>
> Please protect my address like I protect yours. When sending messages to
> multiple recipients, use the BCC: (Blind carbon copy). Remove addresses
> from a forwarded message body before clicking Send.
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>



-- 


(503) 754-4452 Android
(623) 239-3392 Skype
(623) 688-3392 Google Voice
it-clowns.com
Chief Clown
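
Added example, not part of the original thread: a small known_hosts checker for the situation discussed above, where a dual-boot machine keeps one DHCP address but presents a different host key per install. It assumes the OpenSSH known_hosts line format, including hashed host fields (|1|salt|hash, HMAC-SHA1); the sample lines, salt and key blobs are constructed placeholders.

```python
import base64, hashlib, hmac
from collections import defaultdict

def hash_host(name, salt):
    """Build the |1|salt|hash form OpenSSH writes when HashKnownHosts is on."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def pattern_matches(pattern, name):
    """Match one host field; wildcards and [host]:port forms are not handled."""
    if pattern.startswith("|1|"):
        salt = base64.b64decode(pattern.split("|")[2])
        return hmac.compare_digest(hash_host(name, salt), pattern)
    return pattern == name

def conflicts(name, known_hosts_text):
    """Return {keytype: [line numbers]} where `name` maps to differing keys."""
    seen = defaultdict(dict)  # keytype -> {line_no: key_blob}
    for line_no, line in enumerate(known_hosts_text.splitlines(), 1):
        fields = line.split()
        # Skip blanks, comments, and @cert-authority / @revoked marker lines.
        if len(fields) < 3 or fields[0][0] in "#@":
            continue
        hosts, keytype, blob = fields[:3]
        if any(pattern_matches(p, name) for p in hosts.split(",")):
            seen[keytype][line_no] = blob
    return {kt: sorted(e) for kt, e in seen.items() if len(set(e.values())) > 1}

# Constructed sample: one DHCP address, two installs, placeholder key blobs.
SAMPLE = "\n".join([
    "lapdog0,192.168.1.50 ssh-rsa AAAAPLACEHOLDERKEYA",
    hash_host("192.168.1.50", b"constructed-salt") + " ssh-rsa AAAAPLACEHOLDERKEYB",
    "lapdog1 ssh-rsa AAAAPLACEHOLDERKEYB",
    "fileserver,192.168.1.9 ssh-rsa AAAAPLACEHOLDERKEYC",
])

if __name__ == "__main__":
    for host in ("lapdog0", "lapdog1", "192.168.1.50"):
        print(host, conflicts(host, SAMPLE) or "consistent")
```

In the sample each hostname is consistent on its own, while the shared address is reported on lines 1 and 2. Stale lines for a name or address can be dropped with ssh-keygen -R.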