Old 06-20-2005, 12:08 AM   #1
Animalector
LQ Newbie
 
Registered: Jun 2005
Posts: 10

Rep: Reputation: 0
Multiple Machines behind single Static IP - known_hosts issue


Hi there.
I am running around 10 machines in a network, behind a single fixed IP ADSL connection. All machines are running an embedded Linux operating system. Each machine has been assigned a different ssh listening port, other than standard 22.

I would like to be able to connect to each of these machines from a single remote location.

i.e.
ssh -p 123 user@111.222.333.444
ssh -p 124 user@111.222.333.444
etc

I have set up public / private key pairs for them all; however, once the first machine has been added to the known_hosts list, all following machines clash. I have tried listing them in /etc/hosts, using names rather than IPs, but they still fail. Is there a way around this?

Thank you
Andy

Last edited by Animalector; 08-16-2005 at 03:05 AM.
 
Old 06-20-2005, 05:36 AM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Easiest way around this is to only use a name for the destination rather than the ip number.
The ssh client will see the name and not a conflicting ip number in /.ssh/known_hosts
Clear out any existing record in known_hosts..
Place the ip number in /etc/hosts with all the names you wish to use..
eg
xxx.yyy.zzz.nnn server.1 server.2 ws.2203 etc

eg
ssh -p 2201 server.1
ssh -p 2202 server.2
ssh -p 2203 ws.2203
etc

If this setup fails, then the router/firewall between the network and the pcs needs to be improved..

Last edited by peter_robb; 06-20-2005 at 05:40 AM.
 
Old 06-20-2005, 08:06 AM   #3
Animalector
LQ Newbie
 
Registered: Jun 2005
Posts: 10

Original Poster
Rep: Reputation: 0
I did place entries in the /etc/hosts file; however, I didn't remove all other entries in known_hosts first, which was the issue. Seems as though there was a conflict with one of the other entries in this file. Thank you for the info...

Andy

Last edited by Animalector; 06-20-2005 at 06:26 PM.
 
Old 08-16-2005, 01:24 AM   #4
Animalector
LQ Newbie
 
Registered: Jun 2005
Posts: 10

Original Poster
Rep: Reputation: 0
Further help required on this one...
For some reason after a good few months of flawless operation, I have run into a new problem.
Symptoms are conflicting entries in /user/.ssh/known_hosts
I am using a listing in the /etc/hosts file as such:

111.222.333.444 NAME1 NAME2 NAME3 NAME4... etc...

Now I have removed all entries in the known_hosts file, restarted the sshd, and now when connecting to the systems,
ssh -p PORT_NUM user@NAME1
I get a generated entry in the known_hosts file like so...
NAME1, 111.222.333.444 ssh-rsa 3cn4blahblahblah
whereas the previous entries looked like:
NAME1 ssh-rsa 3cn4blahblahblah
the new entries conflict with the subsequent entries for the other systems since they are associated by name as well as IP.

I'm a bit lost on this one since I have no idea why it started doing this in the first place.

Thanks in advance

Andy
 
Old 08-17-2005, 07:26 AM   #5
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
Something has tried to connect using the ip number..

You may need to keep an original copy of the known_hosts file and replace/rewrite it every couple of weeks..
 
Old 08-17-2005, 04:55 PM   #6
Animalector
LQ Newbie
 
Registered: Jun 2005
Posts: 10

Original Poster
Rep: Reputation: 0
Understandable that something may have tried connecting which threw it off.. but why, even after I have removed all entries from known hosts, rebooted, will it not work as before? The thing that really gets me confused is the fact that with the new entries that are being created, it is listing the name associated with the address in hosts, as well as the address, whereas before it was always just the name.

Thanks

Andy
 
Old 08-17-2005, 05:40 PM   #7
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 47
It's a good question..

And I can't answer it..

I suspect sshd was upgraded at some point..

I have edited my known_hosts file to remove the ip numbers, and occasionally have to copy it back after an automatic script has used a number to connect. I suspect scp may be the culprit, but I rather manage it than fix it..
 
Old 08-17-2005, 06:23 PM   #8
Animalector
LQ Newbie
 
Registered: Jun 2005
Posts: 10

Original Poster
Rep: Reputation: 0
Actually, when I was testing I didn't use scp, I was trying to ssh into one of my systems instead. Come to think of it, I haven't tried an scp to see how that will perform. I predict it will do the same thing however (complain and add name and address together to known_hosts...)

Andy
 
Old 08-18-2005, 07:01 PM   #9
Animalector
LQ Newbie
 
Registered: Jun 2005
Posts: 10

Original Poster
Rep: Reputation: 0
Ok for those who are interested... The problem was with the /etc/ssh/ssh_config file; there is a line in there "CheckHostIp no" that had been commented out by someone while I was away, which I did not know about.

This line ensures that both hostname and IP are checked when referencing the known_hosts file... and as a result if there is no entry, a name and IP will be written in together.

Thanks for the assistance..

Andy
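
As an added example (not code from any poster in this thread): a small Python audit of a known_hosts file that reports host tokens bound to more than one key, the state that entries of the form `NAME1, 111.222.333.444` in post #4 lead to when several machines share one address, and that strips the address token the way post #7 describes doing by hand. The sample file, key strings and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample, not a real file: entries in the form post #4 describes,
# plus one bracketed [host]:port entry and one hashed entry.
SAMPLE = """\
NAME1,111.222.333.444 ssh-rsa AAAAkeyONE
NAME2,111.222.333.444 ssh-rsa AAAAkeyTWO
NAME3 ssh-rsa AAAAkeyTHREE
[111.222.333.444]:126 ssh-rsa AAAAkeyFOUR
|1|c2FsdA==|aGFzaA== ssh-rsa AAAAkeyFIVE
"""

def entries(text):
    """Yield (host_token, key_type, key_blob) for each plain host token."""
    for raw in text.splitlines():
        fields = raw.split()
        # Skip blanks, comments, @cert-authority/@revoked markers, and hashed
        # host fields (|1|salt|hash), whose names cannot be read back.
        if len(fields) < 3 or fields[0][0] in "#@|":
            continue
        for token in fields[0].split(","):  # "[host]:port" stays one token
            yield token, fields[1], fields[2]

def find_clashes(text):
    """Map (host_token, key_type) -> sorted keys, for tokens bound to >1 key."""
    seen = defaultdict(set)
    for token, key_type, blob in entries(text):
        seen[(token, key_type)].add(blob)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def drop_token(text, token):
    """Remove `token` from every plain host list; other lines pass through."""
    out = []
    for raw in text.splitlines():
        fields = raw.split()
        if len(fields) >= 3 and fields[0][0] not in "#@|":
            hosts = [h for h in fields[0].split(",") if h != token]
            if not hosts:
                continue  # the line named only that token
            raw = " ".join([",".join(hosts)] + fields[1:])
        out.append(raw)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for (token, key_type), keys in find_clashes(SAMPLE).items():
        print(f"{token} has {len(keys)} different {key_type} keys")
```

The bracketed `[111.222.333.444]:126` entry is never reported, because a host token that carries its port is distinct from the bare address.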
 
  

