networking problem
James Dugger
james.dugger at gmail.com
Tue Jul 10 13:29:06 MST 2012
*1- I'm embarrassed to say, but I don't know. I think they both are client.
> rsync and ssh work from the laptop to the desktop but I can do neither the
> other way. *My apologies, let me clarify. OpenSSH installs as both
> server and client on each machine, so both computers are both. However the
> computer requesting access is the client and the remote is the server.
> Since rsync can both "push" and "pull" data, which direction and from what
> machine is it running? Are you using rsync installed on the laptop to push
> and/or pull data to the desktop or the other way around? In this case the
> laptop is the ssh client and desktop is the ssh server.
>
> *2- As for ping: it will ping from the desktop to the laptop but not the
> other way. Is this odd? In my mind it shouldn't ping from the desktop to
> the laptop! seeing as what I said in 1. *This could be a number of
> things. Laptop is not responding to the IP address sent, DNS addressing in
> the desktop is not set correctly, or the port through which you are trying
> to access the laptop is not allowing either the desktop to use it or the
> laptop to see. Do you have a router or other gateway device port
> forwarding between the desktop and the laptop, any user set firewall
> settings in ufw you have added?
>
> *3- Static IP addresses? I know I set them up as static when I first set
> it up and with each new install they didn't change so I never bothered
> making sure they were static again. It is bad of me but I just assumed
> everything was cool. *I would double check these first in
> /etc/network/interfaces for each system. Make sure you are using the right
> addresses.
>
> *4- known_hosts file? There is a known_hosts file on the laptop and after
> it was deleted it recreated itself. Not so on the desktop. I deleted it and
> it didn't recreate itself. * This tells me that each machine has at
> one time been both a client and a host. It also confirms that the laptop
> was able to at least negotiate with the desktop and create a known_hosts
> file on the laptop to generate the key.
>
> *5- id_rsa and id_rsa.pub in ~/.ssh? Neither of those files exist. *This
> tells me that public keys have not been generated for either machine
> (unless they were erased). Not an issue; you should be able to simply use
> host-key authentication.
>
> *6- authorized_keys? On neither of the boxes do I see the
> file authorized_keys. So I suppose that means neither is a host. *Not
> necessarily, OpenSSH has two different ways in which to authenticate: host
> keys which authenticate computers and identity keys which authenticate
> users. Both use the same type of key (RSA or DSA) but the keys are stored
> in different locations (host keys are stored in known_hosts and identity
> keys are stored in authorized_keys).
>
OpenSSH Authentication Overview

There are two ways to authenticate OpenSSH, through host-keys and identity
keys. You only need to authenticate one method.

Method 1 - Host-key identification is the simplest because you don't have
to create the key. It is created for you when you use ssh the first time.
Both machines talk to each other and generate the keys themselves. This is
the key that is placed in known_hosts. When authenticating, ssh uses this
key to authenticate the computer (not the user) you are trying to connect
to. If the keys match (in known_hosts) then you are given the "login as"
prompt to identify yourself. This authentication type will always require
you to login as your username and password which is the username and
password on the remote box you are trying to connect to.

Method 2 - Identity-keys or Public Key Authentication is user based and
allows you to log into multiple hosts with the same login or passphrase (that
is separate from your username and password). You, the user, must generate
this key and then place it on both computers in the authorized_keys file
--
Since both key types require keys on both machines and the known_hosts file
is not reinitializing on the desktop, this tells me that the desktop is not
talking to the laptop. This is consistent with the fact that you cannot
ping the laptop from the desktop.
James
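
The file checks from points 4 to 6 above, collected into one script. This is an added example, not part of the original message; the function names, the host name desktop.example and the key string are constructed for illustration.

```shell
# Added example, not from the original post. Reports what the files named
# in points 4-6 say about one ~/.ssh directory, one key=value per line.
ssh_dir_report() {
    dir=${1:-"$HOME/.ssh"}
    [ -d "$dir" ] || { echo "ssh_dir=missing"; return 1; }

    # known_hosts is written by the ssh client: one line per server whose
    # host key this account has accepted. Count non-blank, non-comment lines.
    n=0
    if [ -f "$dir/known_hosts" ]; then
        n=$(grep -c -v -e '^[[:space:]]*$' -e '^#' "$dir/known_hosts" || true)
    fi
    echo "known_hosts=$n"

    # authorized_keys is read by sshd: public keys allowed to log in here.
    if [ -s "$dir/authorized_keys" ]; then
        echo "authorized_keys=present"
    else
        echo "authorized_keys=absent"
    fi

    # id_rsa / id_rsa.pub: this user's identity key pair, if one was made.
    if [ -f "$dir/id_rsa" ] && [ -f "$dir/id_rsa.pub" ]; then
        echo "identity=pair"
    elif [ -f "$dir/id_rsa" ] || [ -f "$dir/id_rsa.pub" ]; then
        echo "identity=incomplete"
    else
        echo "identity=none"
    fi

    # With sshd's default StrictModes, a group- or world-writable ~/.ssh
    # makes sshd refuse public key logins for this account.
    if [ -n "$(find "$dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "perms=too_open"
    else
        echo "perms=ok"
    fi
}

# Constructed sample: a directory shaped like the laptop described above
# (known_hosts present, no identity keys, no authorized_keys).
demo_laptop() {
    tmp=$(mktemp -d) || return 1
    chmod 700 "$tmp"
    echo "desktop.example ssh-rsa AAAAB3CONSTRUCTEDKEY" > "$tmp/known_hosts"
    ssh_dir_report "$tmp"
    rm -rf "$tmp"
}

demo_laptop
```

Running `ssh_dir_report` on both machines and comparing the output shows at a glance which side has ever connected out and which side is set up to accept key logins.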