Re: A question about ssh RSA key connection

Thanks ming for your reply

When I connect to 47.154.169.130 the from ip would be
47.154.169.130, but when I try to connect to other servers, the from
ip became 47.154.169.128, so this is really refusing me.



2009/8/24 ming.zym@xxxxxxxxx <ming.zym@xxxxxxxxx>:
> this is far from an ssh problem, as the connect src address is selected
> by the system, mostly by the default routing set. In your case, there are
> many IPs in the same vlan/ip space, so the one chosen will be the first
> ip in your ip list; .130 is the first then.
>
> you may use the "-b" option if you really need to set your src ip
> address.
>
>
> On Sat, 2009-08-22 at 12:10 +0800, 徐广 wrote:
>> Hi
>> I recently met with a problem when trying to set up ssh connection
>> through the ssh key
>>
>> I first create a key through command ssh-keygen -t rsa -f
>> /.ssh/pmcftp_id_rsa -P "" , two files would be created under /.ssh
>> pmcftp_id_rsa and pmcftp_id_rsa.pub, then I insert an entry into the
>> .pub file - from="47.154.169.129,47.154.169.128" - this should
>> restrict the ssh key so that it only works for sources of these two
>> ips.
>> Then I push the public key to another server under ~pmcftp/.ssh, after
>> that, I start the ssh connection through command ssh -I pmcftp -i.
>> ./ssh/pmcftp_id_rsa <server ip>, the ssh connection would be set up
>> without asking for the passwd.
>> But, when I create the ssh key on a server that has several ip
>> address, like following:
>> =====
>> ifconfig -a
>> lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu
>> 8232 index 1
>>         inet 127.0.0.1 netmask ff000000
>> uplink0: flags=1040863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,DEPRECATED,IPv4>
>> mtu 1500 index 2
>>         inet 47.154.169.130 netmask ffffff00 broadcast 47.154.169.255
>>         ether 0:0:bb:2e:74:e
>> uplink0:1: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4>
>> mtu 1500 index 2
>>         inet 47.154.169.128 netmask ffffff00 broadcast 47.154.169.255
>> uplink0:2: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4>
>> mtu 1500 index 2
>>         inet 47.154.169.129 netmask ffffff00 broadcast 47.154.169.255
>> uplink1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
>>         inet 192.168.47.1 netmask ffffff00 broadcast 192.168.47.255
>>         ether 0:0:bb:2e:74:d
>> =====
>> And added ip 47.154.169.128 and 47.154.169.129 into the from ip list
>> entry in the key file, then I push the ssh key to server
>> 47.154.169.130 (which should be the same server as the source)
>> Then when I try to start the ssh connection through command ssh -I
>> pmcftp -i. ./ssh/pmcftp_id_rsa 47.154.169.130 , the key does not work
>> anymore, and the log gives info like this
>> ==
>>  Authentication tried for pmcftp with correct key but not from a
>> permitted host (host=iems196-unit0, ip=47.154.169.130)
>> ==
>> Obviously, here the from ip list does not include 47.154.169.130, and
>> the ssh connection treats the from ip as 47.154.169.130 not other ips
>> of this server.
>> Then I tried another command
>> ssh -b 47.154.169.128  -I pmcftp -i. ./ssh/pmcftp_id_rsa
>> 47.154.169.130 the key works well again.
>> The -b option is binding the from ip to 57.154.169.128 and it's in the
>> from ip list in the key file.
>>
>> How is the ip of the from side of the ssh connection obtained? When
>> the from side of the ssh connection has several ips, how would the ip
>> address be determined by the to side?
>> Any info would be highly appreciated, thanks in advance!
>>
>> Best regards
>> Guang
>>
>> --
>> 徐广
>> 13581797776
>
>



-- 
徐广
13581797776
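
The behaviour discussed in this thread, as an added example that is not part of the original messages: the first function asks the OS which local address it would pick for a destination (what ssh gets without `-b`), and the second is a simplified, IP-only model of the `from="..."` check. The function names are hypothetical and the matcher is an assumption-level sketch, not sshd's own code.

```python
import fnmatch
import ipaddress
import socket


def kernel_source_for(dest_ip, port=22):
    """Return the local address the OS would select for traffic to dest_ip.

    connect() on a UDP socket sends no packets; it only makes the kernel
    run its route and source-address selection, which is the address a
    client uses when it does not bind one explicitly (ssh without -b).
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.connect((dest_ip, port))
        return s.getsockname()[0]


def from_allows(from_list, client_ip):
    """Simplified model of the authorized_keys from="..." check (IP only).

    Handles exact addresses, * and ? wildcards, CIDR blocks and !negation.
    A negated match rejects outright; otherwise one positive match is needed.
    """
    addr = ipaddress.ip_address(client_ip)
    allowed = False
    for pat in (p.strip() for p in from_list.split(",")):
        negate = pat.startswith("!")
        pat = pat.lstrip("!")
        if "/" in pat:
            hit = addr in ipaddress.ip_network(pat, strict=False)
        else:
            hit = fnmatch.fnmatchcase(client_ip, pat)
        if hit and negate:
            return False
        allowed = allowed or hit
    return allowed


if __name__ == "__main__":
    # from= list and addresses taken from the thread above.
    FROM = "47.154.169.129,47.154.169.128"
    print("OS-selected source for loopback:", kernel_source_for("127.0.0.1"))
    for src in ("47.154.169.130", "47.154.169.128"):
        verdict = "accepted" if from_allows(FROM, src) else "rejected"
        print(f"source {src}: key {verdict}")
```

Running `kernel_source_for` against each server you connect to shows which of the host's addresses must appear in the `from=` list when `-b` is not used.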