ssh confusion

Dazed_75 lthielster at gmail.com
Sun Dec 2 22:18:24 MST 2012


On Sat, Dec 1, 2012 at 5:59 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:

> Hi Larry,
>
>
> On Fri, Nov 30, 2012 at 8:56 PM, Dazed_75 <lthielster at gmail.com> wrote:
>
>>
>>
>> On Fri, Nov 30, 2012 at 5:29 PM, der.hans <PLUGd at lufthans.com> wrote:
>>
>>> Am 30. Nov, 2012 schwätzte Dazed_75 so:
>>>
>>> moin moin,
>>>
>>>
>>>> Interesting.  I deleted entry 8 and then ssh'd to lapdog0 with no
>>>> complaint.  Logged out, rebooted that machine to Mint and then ssh'd into
>>>> lapdog1 and that complained about the new entry 23 for lapdog0.
>>>>
>>>
>>> Yeah, line 8 was probably your old entry for lapdog2.
>>
>>
>> Yes, I said so in the first post.
>>
>>>
>>>
>>>> It appears that ssh will make an entry in known_hosts for each IP and
>>>> something (host name, kernel, tennis ball) combination, but only complains
>>>> about the 1st mis-match it finds.  Whatever the "something" is is not clear
>>>> as I got no complaint after deleting entry 8 (from the lapdog2 days) and
>>>> sshing in to lapdog0.  Puzzling.
>>>>
>>>
>>> It tracks hostname and IP combinations and warns you if the IP has another
>>> entry. Presuming both lapdog0 and lapdog1 are properly in known_hosts I'd
>>> think the warning would go away.
>>>
>>
>> No, it does not.  I did describe the circumstances though I tend to use
>> more words than many folks do.  As I said, since both lapdog0 and lapdog1
>> are the same machine (with the same MAC address) just booted into different
>> OSes they both get the same IP from DHCP.   That seems to land two entries
>> for the same IP in known_hosts and that seems to make ssh complain.
>>
>>>
>>> Does ssh -v explain it?
>>>
>>
>> I did not think to try that and it is too late as I am re-installing that
>> machine to test out a couple of things.
>>
>> Thanks for the feedback guys!
>>
>>>
>>> ciao,
>>>
>>> der.hans
>>> --
>>>
>>
> Sorry this is so late.
>
> But you can do any of the following:
>
> a) Clone the connection for both machines:
>

As I said in the first post, lapdog0 and lapdog1 are the same machine just
using different hostnames depending on which Linux is running.  Therefore,
they "both" have the same MAC address by definition.

I did think of copying the public and private parts of the key from one to
the other but don't know enough to know if that might cause another
problem.

BTW, I re-installed (to be totally sure of the starting point) them again
with both being named lapdog2 and it made no difference.

>
> 1) Use the same key for both machines.
>
> ssh-keygen  then copy that key to your second machine.
>
> 2) set your MAC address as the same number in your network device
> configuration.
>
>
> B) Disable Strict Error Checking
>
> Turn off strict error checking in  /etc/ssh/sshd_config on both machines.
>

The error is showing as being due to strict error checking.  But I would
hesitate to turn it off other than temporarily, not to mention that I don't
know how.  Finding out would be easy, it's just not a priority.

>
> While this can be a ssh security risk and therefore not indicated on most
> networks for which you are maintaining this solution, but if you have
> buttoned down your network and actually read your logs, it should be safe,
> alternately you can also seru==dd
>
> http://en.wikipedia.org/wiki/Port_knocking
>
>>
>> --
>> Dazed_75 a.k.a. Larry
>>
>> Please protect my address like I protect yours. When sending messages to
>> multiple recipients, use the BCC: (Blind carbon copy). Remove addresses
>> from a forwarded message body before clicking Send.
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>
>
>
> --
>
>
> (503) 754-4452 Android
> (623) 239-3392 Skype
> (623) 688-3392 Google Voice
> **
> it-clowns.com
> Chief Clown



-- 
Dazed_75 a.k.a. Larry

Please protect my address like I protect yours. When sending messages to
multiple recipients, use the BCC: (Blind carbon copy). Remove addresses
from a forwarded message body before clicking Send.
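
Added example, not part of the original message or thread: a Python check for the situation discussed above, where one address is recorded in known_hosts under two different host keys, reporting the line numbers involved (plain and hashed entries). The address 192.0.2.10, the key strings, the salt and the `hashed` helper are constructed for illustration; on a real file `ssh-keygen -F <host>` performs the equivalent lookup.

```python
import base64, hashlib, hmac

def entry_matches(host_field, name):
    """True if a known_hosts host field (plain or hashed) names `name`."""
    if host_field.startswith("|1|"):  # HashKnownHosts form: |1|b64(salt)|b64(HMAC-SHA1(salt, name))
        _, _, salt_b64, mac_b64 = host_field.split("|")
        mac = hmac.new(base64.b64decode(salt_b64), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(mac, base64.b64decode(mac_b64))
    return name in host_field.split(",")  # plain "host,ip" list; wildcard patterns not handled

def entries_for(text, name):
    """[(line_no, key_type, key)] for every entry matching `name`."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        parts = line.split()
        if len(parts) < 3 or parts[0].startswith(("#", "@")):
            continue  # blank lines, comments, @cert-authority / @revoked markers
        if entry_matches(parts[0], name):
            hits.append((line_no, parts[1], parts[2]))
    return hits

def conflicts(text, name):
    """{key_type: [line numbers]} where `name` is recorded with more than one distinct key."""
    by_type = {}
    for line_no, key_type, key in entries_for(text, name):
        by_type.setdefault(key_type, {}).setdefault(key, []).append(line_no)
    return {t: sorted(n for nums in keys.values() for n in nums)
            for t, keys in by_type.items() if len(keys) > 1}

def hashed(name, salt=b"constructed-salt"):
    """Build a hashed host field for the constructed sample data below."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(), base64.b64encode(mac).decode())

# Constructed sample: one machine at one address, two installs with different host keys.
KEY_A, KEY_B, KEY_C = "CONSTRUCTED-KEY-A", "CONSTRUCTED-KEY-B", "CONSTRUCTED-KEY-C"
SAMPLE = "\n".join([
    "lapdog0,192.0.2.10 ssh-rsa " + KEY_A,       # line 1: first OS, plain entry
    "# constructed comment line",                # line 2: ignored
    hashed("lapdog1") + " ssh-rsa " + KEY_B,     # line 3: second OS, hashed name
    hashed("192.0.2.10") + " ssh-rsa " + KEY_B,  # line 4: same address, different key
    "otherhost,192.0.2.20 ssh-rsa " + KEY_C,     # line 5: unrelated host
])

if __name__ == "__main__":
    for name in ("lapdog0", "lapdog1", "192.0.2.10"):
        print(name, entries_for(SAMPLE, name), conflicts(SAMPLE, name))
```
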