Multiple Machines behind single Static IP - failing remote ssh
Multiple Machines behind single Static IP - known_hosts issue
I am running around 10 machines in a network, behind a single fixed IP ADSL connection. All machines are running an embedded Linux operating system. Each machine has been assigned a different ssh listening port, other than standard 22.
I would like to be able to connect to each of these machines from a single remote location.
I have set up public / private key pairs for them all; however, once the first machine has been added to the known_hosts list, all following machines clash. I have tried listing them in /etc/hosts, using names rather than IPs, but they still fail. Is there a way around this?
Last edited by Animalector; 08-16-2005 at 02:05 AM.
Easiest way around this is to only use a name for the destination rather than the ip number.
The ssh client will see the name and not a conflicting ip number in /.ssh/known_hosts
Clear out any existing record in known_hosts.
Place the ip number in /etc/hosts with all the names you wish to use:
xxx.yyy.zzz.nnn server.1 server.2 ws.2203 etc
I did place entries in the /etc/hosts file; however, I didn't remove all other entries in known_hosts first, which was the issue. Seems as though there was a conflict with one of the other entries in this file. Thank you for the info...
Last edited by Animalector; 06-20-2005 at 05:26 PM.
Further help required on this one...
For some reason after a good few months of flawless operation, I have run into a new problem.
Symptoms are conflicting entries in /user/.ssh/known_hosts
I am using a listing in the /etc/hosts file as such:
111.222.333.444 NAME1 NAME2 NAME3 NAME4... etc...
Now I have removed all entries in the known_hosts file, restarted the sshd, and now when connecting to the systems, ssh -p PORT_NUM user@NAME1
I get a generated entry in the known_hosts file like so... NAME1, 111.222.333.444 ssh-rsa 3cn4blahblahblah
whereas the previous entries looked like: NAME1 ssh-rsa 3cn4blahblahblah
The new entries conflict with the subsequent entries for the other systems since they are associated by name as well as IP.
I'm a bit lost on this one since I have no idea why it started doing this in the first place.
Understandable that something may have tried connecting which threw it off, but why, even after I have removed all entries from known hosts and rebooted, will it not work as before? The thing that really gets me confused is the fact that with the new entries that are being created, it is listing the name associated with the address in hosts, as well as the address, whereas before it was always just the name.
I have edited my known_hosts file to remove the ip numbers, and occasionally have to copy it back after an automatic script has used a number to connect. I suspect scp may be the culprit, but I rather manage it than fix it.
Actually, when I was testing I didn't use scp; I was trying to ssh into one of my systems instead. Come to think of it, I haven't tried an scp to see how that will perform. I predict it will do the same thing, however (complain and add name and address together to known_hosts...)
Ok, for those who are interested... The problem was with the /etc/ssh/ssh_config file: there is a line in there, "CheckHostIp no", that had been commented out by someone while I was away, which I did not know about.
This line ensures that both hostname and IP are checked when referencing the known_hosts file... and as a result if there is no entry, a name and IP will be written in together.
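An added example, not part of any post in this thread: a small Python check that reads known_hosts text and flags any host name or address recorded against more than one key of the same type, which is the overlap the posts above describe once the shared address is written next to each name. The sample file, key strings and the address 203.0.113.10 are constructed for illustration, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample: devices behind one shared address, using the NAMEn
# aliases from the thread. Key blobs are dummy strings, not real keys.
SAMPLE = """\
# name-only entries, the form that worked
NAME1 ssh-rsa AAAAkeyONE
NAME2 ssh-rsa AAAAkeyTWO
# name plus address, the form written once the IP is recorded too
NAME3,203.0.113.10 ssh-rsa AAAAkeyTHREE
NAME4,203.0.113.10 ssh-rsa AAAAkeyFOUR
# bracketed host:port form, which keeps one entry per port
[203.0.113.10]:2203 ssh-rsa AAAAkeyFIVE
"""

def parse_known_hosts(text):
    """Yield (host_token, key_type, key_blob) for every plain host token."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        # Skip @cert-authority/@revoked markers, hashed hosts, short lines.
        if fields[0].startswith(("@", "|1|")) or len(fields) < 3:
            continue
        hosts, key_type, blob = fields[0], fields[1], fields[2]
        for token in hosts.split(","):   # one line may list name and address
            yield token, key_type, blob

def find_conflicts(text):
    """Return {(host_token, key_type): [keys]} where more than one key is recorded."""
    seen = defaultdict(set)
    for token, key_type, blob in parse_known_hosts(text):
        seen[(token, key_type)].add(blob)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (token, key_type), blobs in find_conflicts(SAMPLE).items():
        print(f"{token} ({key_type}) is recorded with {len(blobs)} different keys")
```

Only the bare shared address is reported; the per-name entries and the bracketed per-port entry each map to a single key.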