Re: A question about ssh RSA key connection

How is your DNS setup? How does this work when you connect with hostnames instead of IP Addresses? Do other two aliases (uplink0:1 and 0:2) have same name as primary interface's?


--- On Mon, 24/8/09, 徐广 <xuguang181@xxxxxxxxx> wrote:

From: 徐广 <xuguang181@xxxxxxxxx>
Subject: Re: A question about ssh RSA key connection
To: "ming.zym@xxxxxxxxx" <ming.zym@xxxxxxxxx>
Cc: secureshell@xxxxxxxxxxxxxxxxx
Date: Monday, 24 August, 2009, 8:46 AM
Thanks ming for your reply

When I connect to the from ip would
be, but when I try to connect to other servers,
the from
ip became, so this is really refusing me.

2009/8/24 ming.zym@xxxxxxxxx
this is far from a ssh problem, as the connect src
address is selected
by system, mostly by the default routing set, in your
case, there are
many IP in the same vlan/ip space, that will be
choosed to be the first
ip in your ip list, .130 is the first then.

you may use the "-b" option if you really need to set
your src ip

在 2009-08-22六的 12:10 +0800,徐广写道:
I recently met with a problem when trying to set
up ssh connection
through the ssh key

I first create a key through command ssh-keygen -t
rsa -f
/.ssh/pmcftp_id_rsa -P "" , two files would be
created under /.ssh
pmcftp_id_rsa and, then I insert
an entry into the
.pub file -
from=","  this should
restrickt that the ssh key should only work for
sources of these two
Then I push the public key to another server under
~pmcftp/.ssh, after
that, I start the ssh connection through command
ssh -I pmcftp -i.
./ssh/pmcftp_id_rsa <server ip>, the ssh
connection would be set up
without asking for the passwd.
But, when I create the ssh key on a server that
has several ip
address, like following:
ifconfig -a
8232 index 1
         inet netmask ff000000
mtu 1500 index 2
         inet netmask ffffff00 broadcast
mtu 1500 index 2
         inet netmask ffffff00 broadcast
mtu 1500 index 2
         inet netmask ffffff00 broadcast
1500 index 3
         inet netmask ffffff00 broadcast
And added ip  and  into the from ip list
entry in the key file, then I push the ssh key to
server (which should be the same server as
the source)
Then when I try to start the ssh connection
through command ssh -I
pmcftp -i. ./ssh/pmcftp_id_rsa ,
the key does not work
anymore, and the log give info like this
  Authentication tried for pmcftp with correct
key but not from a
permitted host (host=iems196-unit0,
Obviously, here the from ip list does not include
47..154.169.130, and
the ssh connection treate the from ip as not other ips
of this server.
Then I tried another command
Ssh -b  -I pmcftp -i.
./ssh/pmcftp_id_rsa the key works well again.
The -b option is binding the from ip to and it's in the
from ip list in the key file.

how the ip of the from side of the ssh connection
is obtained? When
the from side of the ssh connection has several
ips how would the ip
address be determined by the to side?
Any info would be highly appreciated, thanks in

Best regards



Love Cricket? Check out live scores, photos, video highlights and more. Click here

Relevant Pages

  • Re: Trouble with X11 over SSH on Mandriva 2010.0
    ... If next clean install/update causes ssh to break, ... installed the sshd daemon/service package (OpenSSH Server) on the server. ... correct values for client and server. ...
  • Re: Apache Software Foundation Server compromised, resecured. (fwd)
    ... this was one "result" of the comromised ssh binary at sourceforge. ... a public server of the Apache Software Foundation ... > (ASF) was illegally accessed by unknown crackers. ... > exhaustive audit of all Apache source code and binary distributions ...
  • Re: FreeBSD Crash without Errors, Warnings, or Panics
    ... I suppose I could run on stable until the driver is fixed in a release branch, but I need this box up and online, and I've always read that the stable branch is not the place for production servers. ... I'm running 6.0-RELEASE-p5 on a Toshiba built server: dual Xeon Intel motherboard with a LSILogic MegaRAID controller. ... Also, some network ports still respond, like a telnet to port 22 to test SSH will yield an SSH banner, but trying to connect with SSH just hangs. ... The box runs a web-based app and connects to a local Postgres DB which seemed to be unable to start new connections being requested by the PHP scripts. ...
  • Re: restrict ssh access
    ... > We have one ssh server which receives about 6000 failed attempts to ... > unsuccessful login attempts per client IP address? ... the remote server is also running OpenSSH. ...
  • Re: SSH as root
    ... Subject: SSH as root ... but it doesn't require having a key on the server that could be ... If they compromise a server, and the passphrase, etc. is there, they only ... private key to anyone. ...