A question about ssh RSA key connection



Hi
I recently met with a problem when trying to set up ssh connection
through the ssh key

I first create a key through command ssh-keygen -t rsa -f
/.ssh/pmcftp_id_rsa -P "" , two files would be created under /.ssh
pmcftp_id_rsa and pmcftp_id_rsa.pub, then I insert an entry into the
.pub file - from="47.154.169.129,47.154.169.128" this should
restrickt that the ssh key should only work for sources of these two
ips.
Then I push the public key to another server under ~pmcftp/.ssh, after
that, I start the ssh connection through command ssh -I pmcftp -i.
./ssh/pmcftp_id_rsa <server ip>, the ssh connection would be set up
without asking for the passwd.
But, when I create the ssh key on a server that has several ip
address, like following:
=====
ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu
8232 index 1
inet 127.0.0.1 netmask ff000000
uplink0: flags=1040863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,DEPRECATED,IPv4>
mtu 1500 index 2
inet 47.154.169.130 netmask ffffff00 broadcast 47.154.169.255
ether 0:0:bb:2e:74:e
uplink0:1: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4>
mtu 1500 index 2
inet 47.154.169.128 netmask ffffff00 broadcast 47.154.169.255
uplink0:2: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4>
mtu 1500 index 2
inet 47.154.169.129 netmask ffffff00 broadcast 47.154.169.255
uplink1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
inet 192.168.47.1 netmask ffffff00 broadcast 192.168.47.255
ether 0:0:bb:2e:74:d
=====
And added ip 47.154.169.128 and 47.154.169.129 into the from ip list
entry in the key file, then I push the ssh key to server
47.154.169.130 (which should be the same server as the source)
Then when I try to start the ssh connection through command ssh -I
pmcftp -i. ./ssh/pmcftp_id_rsa 47.154.169.130 , the key does not work
anymore, and the log give info like this
==
Authentication tried for pmcftp with correct key but not from a
permitted host (host=iems196-unit0, ip=47.154.169.130)
==
Obviously, here the from ip list does not include 47.154.169.130, and
the ssh connection treate the from ip as 47.154.169.130 not other ips
of this server.
Then I tried another command
Ssh -b 47.154.169.128 -I pmcftp -i. ./ssh/pmcftp_id_rsa
47.154.169.130 the key works well again.
The -b option is binding the from ip to 57.154.169.128 and it's in the
from ip list in the key file.

how the ip of the from side of the ssh connection is obtained? When
the from side of the ssh connection has several ips how would the ip
address be determined by the to side?
Any info would be highly appreciated, thanks in advance!

Best regards
Guang

--
徐广
13581797776



Relevant Pages

  • Re: A question about ssh RSA key connection
    ... I recently met with a problem when trying to set up ssh connection ... when I create the ssh key on a server that has several ip ... inet 47.154.169.130 netmask ffffff00 broadcast 47.154.169.255 ...
    (SSH)
  • Re: Passwordless logins, .shosts for Windows CVS clients with Cygwin
    ... depending on the hardware involved, SSH configuration, frequency of CVS ... It really shouldn't be this way -- ideally, you'd make one SSH connection ... NKG> CygWin window or command window and just have it Work. ...
    (comp.security.ssh)
  • Re: how can i limit system resources for a particular process?
    ... can establish ssh connection. ... I've also read some documentation about "limit/ulimit" command, ... looking for a "general" process limit for the whole system, ... subject of "unsubscribe". ...
    (Debian-User)
  • Re: Network ssh tunneling speed test
    ... I wonder if there exists some "time" command. ... I'll try googling ... >>connected under an ssh connection. ... >>Regards and thanks in advance, ...
    (Debian-User)
  • Re: UFS close-to-open consistency
    ... Dag-Erling Smørgrav wrote: ... ssh connection. ... the second 'make' command below saw the ... repoman between the two builds. ...
    (freebsd-current)