Thanks ming for your reply.

When I connect to 47.154.169.130 the from ip would be 47.154.169.130, but when I try to connect to other servers, the from ip became 47.154.169.128, so this is really refusing me.

2009/8/24 ming.zym@xxxxxxxxx <ming.zym@xxxxxxxxx>:
> this is far from a ssh problem, as the connect src address is selected
> by system, mostly by the default routing set, in your case, there are
> many IP in the same vlan/ip space, that will be chosen to be the first
> ip in your ip list, .130 is the first then.
>
> you may use the "-b" option if you really need to set your src ip
> address.
>
>
> On Sat, 2009-08-22 at 12:10 +0800, 徐广 wrote:
>> Hi
>> I recently met with a problem when trying to set up ssh connection
>> through the ssh key
>>
>> I first create a key through command ssh-keygen -t rsa -f
>> /.ssh/pmcftp_id_rsa -P "" , two files would be created under /.ssh
>> pmcftp_id_rsa and pmcftp_id_rsa.pub, then I insert an entry into the
>> .pub file - from="47.154.169.129,47.154.169.128" this should
>> restrict that the ssh key should only work for sources of these two
>> ips.
>> Then I push the public key to another server under ~pmcftp/.ssh, after
>> that, I start the ssh connection through command ssh -I pmcftp -i.
>> ./ssh/pmcftp_id_rsa <server ip>, the ssh connection would be set up
>> without asking for the passwd.
>> But, when I create the ssh key on a server that has several ip
>> address, like following:
>> =====
>> ifconfig -a
>> lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
>>         inet 127.0.0.1 netmask ff000000
>> uplink0: flags=1040863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,DEPRECATED,IPv4> mtu 1500 index 2
>>         inet 47.154.169.130 netmask ffffff00 broadcast 47.154.169.255
>>         ether 0:0:bb:2e:74:e
>> uplink0:1: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
>>         inet 47.154.169.128 netmask ffffff00 broadcast 47.154.169.255
>> uplink0:2: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
>>         inet 47.154.169.129 netmask ffffff00 broadcast 47.154.169.255
>> uplink1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
>>         inet 192.168.47.1 netmask ffffff00 broadcast 192.168.47.255
>>         ether 0:0:bb:2e:74:d
>> =====
>> And added ip 47.154.169.128 and 47.154.169.129 into the from ip list
>> entry in the key file, then I push the ssh key to server
>> 47.154.169.130 (which should be the same server as the source)
>> Then when I try to start the ssh connection through command ssh -I
>> pmcftp -i. ./ssh/pmcftp_id_rsa 47.154.169.130 , the key does not work
>> anymore, and the log gives info like this
>> ==
>> Authentication tried for pmcftp with correct key but not from a
>> permitted host (host=iems196-unit0, ip=47.154.169.130)
>> ==
>> Obviously, here the from ip list does not include 47.154.169.130, and
>> the ssh connection treats the from ip as 47.154.169.130 not other ips
>> of this server.
>> Then I tried another command
>> ssh -b 47.154.169.128 -I pmcftp -i. ./ssh/pmcftp_id_rsa
>> 47.154.169.130 the key works well again.
>> The -b option is binding the from ip to 57.154.169.128 and it's in the
>> from ip list in the key file.
>>
>> how the ip of the from side of the ssh connection is obtained?
>> When the from side of the ssh connection has several ips how would the ip
>> address be determined by the to side?
>> Any info would be highly appreciated, thanks in advance!
>>
>> Best regards
>> Guang
>>
>> --
>> 徐广
>> 13581797776
>
>

--
徐广
13581797776
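
The from= check discussed in this thread, as an added example that is not part of the original messages: a simplified Python approximation of how a from= pattern list is evaluated against the source address the server sees (not OpenSSH's code). Hostname matching is left out, the key blob is a placeholder, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the authorized_keys entry described in the thread,
# with the key material replaced by a placeholder.
SAMPLE_ENTRY = 'from="47.154.169.129,47.154.169.128" ssh-rsa AAAA...placeholder pmcftp'

def from_patterns(entry):
    """Return the from= pattern list from the options field, or None if absent."""
    # Options come first and end at the first unquoted whitespace.
    m = re.match(r'(?:[^\s"]|"[^"]*")*?\bfrom="([^"]*)"', entry)
    return [p.strip() for p in m.group(1).split(",")] if m else None

def pattern_matches(pattern, ip):
    """Match one pattern: CIDR block, or a literal with * and ? wildcards."""
    if "/" in pattern:
        try:
            return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern, strict=False)
        except ValueError:
            return False
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, ip) is not None

def source_allowed(patterns, ip):
    """A negated (!) match always refuses; otherwise one positive match is needed."""
    allowed = False
    for p in patterns:
        negated = p.startswith("!")
        if pattern_matches(p.lstrip("!"), ip):
            if negated:
                return False
            allowed = True
    return allowed

def check_sources(entry, ips):
    """Map each candidate source address to whether the key would be accepted."""
    patterns = from_patterns(entry)
    if patterns is None:          # no from= option: the key is not source-restricted
        return {ip: True for ip in ips}
    return {ip: source_allowed(patterns, ip) for ip in ips}

if __name__ == "__main__":
    # The three addresses on uplink0 from the ifconfig output in the thread.
    for ip, ok in check_sources(SAMPLE_ENTRY, ["47.154.169.130", "47.154.169.128",
                                               "47.154.169.129"]).items():
        print(ip, "accepted" if ok else "refused: not a permitted host")
```

Run against every address configured on a multi-homed client, this shows which source addresses the key restriction accepts, and therefore whether the client needs -b to pick one of them.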