ssh confusion

Lisa Kachold lisakachold at obnosis.com
Mon Dec 3 13:44:21 MST 2012


Larry.

The key and location are specified in the /etc/ssh/sshd_config file.  But
that will no doubt just give the same error.

Are the machines specified in /etc/hosts, hosts.deny and hosts.allow?

On 2 Dec 2012 22:18, "Dazed_75" <lthielster at gmail.com> wrote:

>
>
> On Sat, Dec 1, 2012 at 5:59 PM, Lisa Kachold <lisakachold at obnosis.com> wrote:
>
>> Hi Larry,
>>
>>
>> On Fri, Nov 30, 2012 at 8:56 PM, Dazed_75 <lthielster at gmail.com> wrote:
>>
>>>
>>>
>>> On Fri, Nov 30, 2012 at 5:29 PM, der.hans <PLUGd at lufthans.com> wrote:
>>>
>>>> On 30 Nov 2012, Dazed_75 chattered thus:
>>>>
>>>> moin moin,
>>>>
>>>>
>>>>> Interesting.  I deleted entry 8 and then ssh'd to lapdog0 with no
>>>>> complaint.  Logged out, rebooted that machine to Mint and then ssh'd into
>>>>> lapdog1 and that complained about the new entry 23 for lapdog0.
>>>>>
>>>>
>>>> Yeah, line 8 was probably your old entry for lapdog2.
>>>
>>>
>>> Yes, I said so in the first post.
>>>
>>>>
>>>>
>>>>> It appears that ssh will make an entry in known_hosts for each IP and
>>>>> something (host name, kernel, tennis ball) combination, but only complains
>>>>> about the 1st mis-match it finds.  Whatever the "something" is is not clear
>>>>> as I got no complaint after deleting entry 8 (from the lapdog2 days) and
>>>>> sshing in to lapdog0.  Puzzling.
>>>>>
>>>>
>>>> It tracks hostname and IP combinations and warns you if the IP has another
>>>> entry. Presuming both lapdog0 and lapdog1 are properly in known_hosts I'd
>>>> think the warning would go away.
>>>>
>>>
>>> no, it does not.  I did describe the circumstances though I tend to use
>>> more words than many folks do.  As I said, since both lapdog0 and lapdog1
>>> are the same machine (with the same mac address) just booted into different
>>> OSes they both get the same IP from DHCP.   That seems to land two entries
>>> for the same IP in known_hosts and that seems to make ssh complain.
>>>
>>>>
>>>> Does ssh -v explain it?
>>>>
>>>
>>> I did not think to try that and it is too late as I am re-installing
>>> that machine to test out a couple of things.
>>>
>>> Thanks for the feedback guys!
>>>
>>>>
>>>> ciao,
>>>>
>>>> der.hans
>>>> --
>>>>
>>>
>> Sorry this is so late.
>>
>> But you can do any of the following:
>>
>> a) Clone the connection for both machines:
>>
>
> As I said in the first post, lapdog0 and lapdog1 are the same machine just
> using different hostnames depending on which Linux is running.  Therefore,
> they "both" have the same mac address by definition.
>
> I did think of copying the public and private parts of the key from one to
> the other but don't know enough to know if that might cause another
> problem.
>
> BTW, I re-installed (to be totally sure of the starting point) them again
> with both being named lapdog2 and it made no difference.
>
>>
>> 1) Use the same key for both machines.
>>
>> ssh-keygen  then copy that key to your second machine.
>>
>> 2) set your MAC address as the same number in your network device
>> configuration.
>>
>>
>> B) Disable Strict Error Checking
>>
>> Turn off strict error checking in  /etc/ssh/sshd_config on both machines.
>>
>
> The error is showing as being due to strict error checking.  But I would
> hesitate to turn it off other than temporarily, not to mention that I don't
> know how.  Finding out would be easy, it's just not a priority.
>
>>
>> While this can be an ssh security risk and therefore not indicated on most
>> networks for which you are maintaining this solution, if you have
>> buttoned down your network and actually read your logs, it should be safe.
>> Alternately you can also seru==dd
>>
>> http://en.wikipedia.org/wiki/Port_knocking
>>
>>>
>>> --
>>> Dazed_75 a.k.a. Larry
>>>
>>> Please protect my address like I protect yours. When sending messages to
>>> multiple recipients, use the BCC: (Blind carbon copy). Remove addresses
>>> from a forwarded message body before clicking Send.
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>>>
>>
>>
>>
>> --
>>
>>
>> (503) 754-4452 Android
>> (623) 239-3392 Skype
>> (623) 688-3392 Google Voice
>> **
>> it-clowns.com
>> Chief Clown
>>
>
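
The condition discussed in this thread, one IP address recorded in known_hosts under two different host keys, can be checked for directly. The script below is an added example, not something posted by anyone in the thread; the function name `find_conflicts`, the address 192.168.1.50 and the key blobs are constructed placeholders, and entries written with HashKnownHosts are counted but skipped because their names cannot be read back.

```shell
#!/bin/sh
# Added example: list every host name or IP in a known_hosts file that is
# recorded with more than one distinct key of the same key type.

find_conflicts() {
    # $1: path to a known_hosts file. Prints "name keytype count" per conflict.
    awk '
        NF == 0 || $1 ~ /^#/      { next }            # blank lines and comments
        $1 ~ /^@/                 { next }            # @cert-authority / @revoked lines
        substr($1, 1, 3) == "|1|" { hashed++; next }  # hashed names are opaque
        {
            # Field 1 is a comma-separated list of names and addresses,
            # field 2 the key type, field 3 the base64 public key.
            n = split($1, names, ",")
            for (i = 1; i <= n; i++) {
                id = names[i] " " $2
                if (!((id, $3) in seen)) {
                    seen[id, $3] = 1
                    count[id]++
                }
            }
        }
        END {
            for (id in count)
                if (count[id] > 1) print id, count[id]
            if (hashed) print "skipped hashed entries:", hashed > "/dev/stderr"
        }
    ' "$1" | sort
}

# Constructed sample: one machine that dual-boots as lapdog0 and lapdog1,
# keeps the same DHCP address, and has a different host key per install.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed known_hosts sample (key blobs are placeholders)
lapdog0,192.168.1.50 ssh-rsa AAAAKEYONE
lapdog1,192.168.1.50 ssh-rsa AAAAKEYTWO
desktop,192.168.1.10 ssh-rsa AAAAKEYTHREE
|1|c2FsdA==|aGFzaA== ssh-rsa AAAAKEYFOUR
EOF

find_conflicts "$sample"
```

Each host name here has a single key, so only the shared IP address is reported. A stale entry can be removed with `ssh-keygen -R` followed by the name or address.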