How is your DNS setup? How does this work when you connect with hostnames instead of IP addresses? Do the other two aliases (uplink0:1 and 0:2) have the same name as the primary interface's?

Sharad

--- On Mon, 24/8/09, 徐广 <xuguang181@xxxxxxxxx> wrote:

> From: 徐广 <xuguang181@xxxxxxxxx>
> Subject: Re: A question about ssh RSA key connection
> To: "ming.zym@xxxxxxxxx" <ming.zym@xxxxxxxxx>
> Cc: secureshell@xxxxxxxxxxxxxxxxx
> Date: Monday, 24 August, 2009, 8:46 AM
>
> Thanks ming for your reply
>
> When I connect to 47.154.169.130 the from ip would be
> 47.154.169.130, but when I try to connect to other servers, the from
> ip became 47.154.169.128, so this is really refusing me.
>
>
>
> 2009/8/24 ming.zym@xxxxxxxxx <ming.zym@xxxxxxxxx>:
> > this is far from a ssh problem, as the connect src address is selected
> > by system, mostly by the default routing set, in your case, there are
> > many IP in the same vlan/ip space, that will be chosen to be the first
> > ip in your ip list, .130 is the first then.
> >
> > you may use the "-b" option if you really need to set your src ip
> > address.
> >
> >
> > On Sat, 2009-08-22 at 12:10 +0800, 徐广 wrote:
> >> Hi
> >> I recently met with a problem when trying to set up ssh connection
> >> through the ssh key
> >>
> >> I first create a key through command ssh-keygen -t rsa -f
> >> /.ssh/pmcftp_id_rsa -P "" , two files would be created under /.ssh
> >> pmcftp_id_rsa and pmcftp_id_rsa.pub, then I insert an entry into the
> >> .pub file - from="47.154.169.129,47.154.169.128" this should
> >> restrict that the ssh key should only work for sources of these two
> >> ips.
> >> Then I push the public key to another server under ~pmcftp/.ssh, after
> >> that, I start the ssh connection through command ssh -I pmcftp -i.
> >> ./ssh/pmcftp_id_rsa <server ip>, the ssh connection would be set up
> >> without asking for the passwd.
> >> But, when I create the ssh key on a server that has several ip
> >> addresses, like following:
> >> =====
> >> ifconfig -a
> >> lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
> >>         inet 127.0.0.1 netmask ff000000
> >> uplink0: flags=1040863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,DEPRECATED,IPv4> mtu 1500 index 2
> >>         inet 47.154.169.130 netmask ffffff00 broadcast 47.154.169.255
> >>         ether 0:0:bb:2e:74:e
> >> uplink0:1: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
> >>         inet 47.154.169.128 netmask ffffff00 broadcast 47.154.169.255
> >> uplink0:2: flags=1000863<UP,BROADCAST,NOTRAILERS,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
> >>         inet 47.154.169.129 netmask ffffff00 broadcast 47.154.169.255
> >> uplink1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 3
> >>         inet 192.168.47.1 netmask ffffff00 broadcast 192.168.47.255
> >>         ether 0:0:bb:2e:74:d
> >> =====
> >> And added ip 47.154.169.128 and 47.154.169.129 into the from ip list
> >> entry in the key file, then I push the ssh key to server
> >> 47.154.169.130 (which should be the same server as the source)
> >> Then when I try to start the ssh connection through command ssh -I
> >> pmcftp -i. ./ssh/pmcftp_id_rsa 47.154.169.130 , the key does not work
> >> anymore, and the log gives info like this
> >> ==
> >> Authentication tried for pmcftp with correct key but not from a
> >> permitted host (host=iems196-unit0, ip=47.154.169.130)
> >> ==
> >> Obviously, here the from ip list does not include 47.154.169.130, and
> >> the ssh connection treats the from ip as 47.154.169.130 not other ips
> >> of this server.
> >> Then I tried another command
> >> Ssh -b 47.154.169.128 -I pmcftp -i. ./ssh/pmcftp_id_rsa
> >> 47.154.169.130 the key works well again.
> >> The -b option is binding the from ip to 57.154.169.128 and it's in the
> >> from ip list in the key file.
> >>
> >> how the ip of the from side of the ssh connection is obtained? When
> >> the from side of the ssh connection has several ips how would the ip
> >> address be determined by the to side?
> >> Any info would be highly appreciated, thanks in advance!
> >>
> >> Best regards
> >> Guang
> >>
> >> --
> >> 徐广
> >> 13581797776
> >
> >
> >
>
> --
> 徐广
> 13581797776
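
The two mechanisms discussed in this thread, as an added example that is not code from any of the posters: how the client's operating system picks the source address (and how binding, as with `ssh -b`, overrides it), and how a `from=` pattern list is checked against that address. The helper names `source_ip_for` and `from_allows` are hypothetical, and the matching is a simplified model of OpenSSH's documented pattern-list rules that compares client IPs only, not hostnames.

```python
import ipaddress
import re
import socket

# The from= value quoted in the thread.
FROM_OPTION = "47.154.169.129,47.154.169.128"


def source_ip_for(dest, bind=None, port=22):
    """Local address the OS picks to reach dest; bind mimics `ssh -b`.

    connect() on a UDP socket sends nothing: it only makes the kernel
    choose a route and, from it, a source address.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        if bind:
            s.bind((bind, 0))
        s.connect((dest, port))
        return s.getsockname()[0]


def _matches(pattern, ip):
    if "/" in pattern:  # CIDR form, e.g. 47.154.169.128/31
        try:
            net = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(ip) in net
        except ValueError:
            return False
    # Only '*' and '?' are wildcards; everything else is literal.
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, ip) is not None


def from_allows(pattern_list, ip):
    """Model of from= matching by client IP (hostname matching omitted)."""
    allowed = False
    for pat in (p.strip() for p in pattern_list.split(",")):
        if pat.startswith("!"):
            if _matches(pat[1:], ip):
                return False  # a negated match always rejects
        elif pat and _matches(pat, ip):
            allowed = True
    return allowed


if __name__ == "__main__":
    for src in ("47.154.169.130", "47.154.169.128"):
        print(src, "accepted" if from_allows(FROM_OPTION, src) else "rejected")
    print("source chosen for 127.0.0.1:", source_ip_for("127.0.0.1"))
```

Running `source_ip_for` on the multi-homed client with each destination shows which address the server will see before any key is tried.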