Re: ssh confusion

Top Page
Attachments:
Message as email
+ (text/plain)
+ (text/html)
+ (text/plain)
Delete this message
Reply to this message
Author: Lisa Kachold
Date:  
To: Main PLUG discussion list
Subject: Re: ssh confusion
What are tbe permissions on your .ssh directory¿
On 3 Dec 2012 13:44, "Lisa Kachold" <> wrote:

> Larry.
>
> The key and location are specified in the /etc/ssh/sshd_config file. But
> that will no
> Doubt just give the same error.
>
> Are the machines specified in /etc/hosts hosts.deny and hosts.allow?
> On 2 Dec 2012 22:18, "Dazed_75" <> wrote:
>
>>
>>
>> On Sat, Dec 1, 2012 at 5:59 PM, Lisa Kachold <>wrote:
>>
>>> Hi Larry,
>>>
>>>
>>> On Fri, Nov 30, 2012 at 8:56 PM, Dazed_75 <> wrote:
>>>
>>>>
>>>>
>>>> On Fri, Nov 30, 2012 at 5:29 PM, der.hans <> wrote:
>>>>
>>>>> Am 30. Nov, 2012 schwätzte Dazed_75 so:
>>>>>
>>>>> moin moin,
>>>>>
>>>>>
>>>>> Interesting. I deleted entry 8 and then ssh'd to lapdog0 with no
>>>>>> complaint. Logged out, rebooted that machine to Mint and then ssh'd
>>>>>> into
>>>>>> lapdog1 and that complained about then new entry 23 for lapdog0.
>>>>>>
>>>>>
>>>>> Yeah, line 8 was probably your old entry for lapdog2.
>>>>
>>>>
>>>> Yes, I said so in the first post.
>>>>
>>>>>
>>>>>
>>>>> It appears that ssh will make an entry in known_hosts for each IP and
>>>>>> something (host name, kernel, tennis ball) combination, but only
>>>>>> complains
>>>>>> about the 1st mis-match it finds. Whatever the "something" is is not
>>>>>> clear
>>>>>> as I got no complaint after deleting entry 8 (from the lapdog2 days)
>>>>>> and
>>>>>> sshing in to lapdog0. Puzzling.
>>>>>>
>>>>>
>>>>> It tracks hostname and IP combinations and warns you if the IP has
>>>>> another
>>>>> entry. Presuming both lapdog0 and lapdog1 are properly in known_hosts
>>>>> I'd
>>>>> think the warning would go away.
>>>>>
>>>>
>>>> no, it does not. I did describe the circumstances though I tend to use
>>>> more words than many folks do. As I said, since both lapdog0 and lapdog1
>>>> are the same machine (with the same mac address) just booted into different
>>>> OSes they both get the same IP from DHCP. That seems to land two entries
>>>> for the same IP in known_hosts and that seems to make ssh complain.
>>>>
>>>>>
>>>>> Does ssh -v explain it?
>>>>>
>>>>
>>>> I did not think to try that and it is too late as I am re-installing
>>>> that machine to test out a couple of things.
>>>>
>>>> Thanks for the feedback guys!
>>>>
>>>>>
>>>>> ciao,
>>>>>
>>>>> der.hans
>>>>> --
>>>>>
>>>>
>>> Sorry this is so late.
>>>
>>> But you can do any of the following:
>>>
>>> a) Clone the connection for both machines:
>>>
>>
>> As I said in the first post, lapdog0 and lapdog1 are the same machine
>> just using different hostnames depending on which Linux is running.
>> Therefore, they "both" have the same mac address by definition.
>>
>> I did think of copying the public and private parts of the key from one
>> to the other but don't know enough to know if that might cause another
>> problem.
>>
>> BTW, I re-installed (to be totally sure of the starting point) them again
>> with both being named lapdog2 and it made no difference.
>>
>>>
>>> 1) Use the same key for both machines.
>>>
>>> ssh-keygen then copy that key to your second machine.
>>>
>>> 2) set your MAC address as the same number in your network device
>>> configuration.
>>>
>>>
>>> B) Disable Strict Error Checking
>>>
>>> Turn off strict error checking in /etc/ssh/sshd_config on both machines.
>>>
>>
>> The error is showing as being due to strict error checking. But I would
>> hesitate to turn it off other than temporarily not to mention that I don't
>> know how. Finding out would be easy, it's just not a priority.
>>
>>>
>>> While this can be a ssh security risk and therefore not indicated on
>>> most networks for which you are maintaining this solution, but if you have
>>> buttoned down your network and actually read your logs, it should be safe,
>>> alternately you can also seru==dd
>>>
>>> http://en.wikipedia.org/wiki/Port_knocking
>>>
>>>>
>>>> --
>>>> Dazed_75 a.k.a. Larry
>>>>
>>>> Please protect my address like I protect yours. When sending messages
>>>> to multiple recipients, use the BCC: (Blind carbon copy). Remove addresses
>>>> from a forwarded message body before clicking Send.
>>>>
>>>>
>>>> ---------------------------------------------------
>>>> PLUG-discuss mailing list -
>>>> To subscribe, unsubscribe, or to change your mail settings:
>>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>>
>>>
>>>
>>>
>>> --
>>>
>>>
>>> (503) 754-4452 Android
>>> (623) 239-3392 Skype
>>> (623) 688-3392 Google Voice
>>> **
>>> it-clowns.com
>>> Chief Clown
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list -
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>>
>> --
>> Dazed_75 a.k.a. Larry
>>
>> Please protect my address like I protect yours. When sending messages to
>> multiple recipients, use the BCC: (Blind carbon copy). Remove addresses
>> from a forwarded message body before clicking Send.
>>
>>
>> ---------------------------------------------------
>> PLUG-discuss mailing list -
>> To subscribe, unsubscribe, or to change your mail settings:
>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>
>

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss