[NBLUG/talk] Odd ssh problem

gandalf at sonic.net gandalf at sonic.net
Fri Mar 14 13:09:46 PDT 2008


On Fri 03/14/08 12:36 PM, Troy Arnold troy at zenux.net sent:
On Fri, Mar 14, 2008 at 12:14:18PM -0700, gandalf at sonic.net wrote:
> I'm getting confused here. So I thought I'd check in here for a
> second or third opinion.
>
> I have a perl process that logs onto an account on a server across
> town via ssh and auth keys. It first uses sftp to transfer a couple
> files and then it sends a single command via ssh to process those
> files. It works pretty well.
>
> Today our main DSL line started experiencing problems, so I
> reconfigured the routers to use our backup Broadlink connection while
> Sonic and AT&T figure out what's going on (looks like it may be a line
> fault).
>
> In the meantime this little process has broken down and I'm getting
> regular error messages of its failure. I tried going in to the
> authorized_keys on the remote server and copying the entry and
> assigning it the secondary ip address, but this doesn't seem to work.
>
> Anyone have any suggestions?

Difficult to say without a specific error message.  I'd try running the
commands that the script does by hand and see where it pukes.  It may be
that it's failing because one side doesn't have the host key for the IP
address of your broadlink account.  You'll probably have to either remove
an entry in .ssh/known_hosts or add a new one (by logging in successfully
and saying, 'Yes' when it asks to store the host key).

-t

Thank you very much. Turns out to be completely my fault. I managed
to reconfigure both our main router and our wireless router to use
xxx.xxx.xxx.173 as their address. I'd imagine that caused some weird
router pit fighting. I started debugging the specific commands and
used ssh with a -v and found that the client server was identifying
itself as xxx.xxx.xxx.173 where I had configured it to accept calls
from xxx.xxx.xxx.172; this turned out to be the whole issue. I
re-configured one of the routers to 172 and patched up the mess I had
made of the one authorized_keys file and voilà, it works.

The thing I don't like about Linux is that I tend to forget the
stuff that I don't do every day (like auth key creation and use).

Looks like I don't even have to specify the accepted address, but it
is better to do so in a case like this. I see that on some of my other
servers I don't have the from="xxx.xxx.xxx.xxx" part.
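
The from="..." restriction discussed in this thread can be checked offline before a line failover. The script below is an added example, not part of the original messages: it reads authorized_keys text and reports, per key, whether a from= option is present and whether a given client address would pass it. The addresses, key placeholders and function names are constructed for illustration, and the matching is a simplified, address-only version of what sshd does.

```python
import ipaddress
import re

# Constructed sample: TEST-NET addresses stand in for the masked .172/.173 pair.
SAMPLE = """\
from="203.0.113.172" ssh-ed25519 AAAAPLACEHOLDER transfer@main-line
from="203.0.113.172,203.0.113.173" ssh-ed25519 AAAAPLACEHOLDER transfer@both-lines
ssh-ed25519 AAAAPLACEHOLDER transfer@unrestricted
from="203.0.113.*,!203.0.113.173",no-pty ssh-ed25519 AAAAPLACEHOLDER transfer@negated
"""

def split_options(line):
    """Split a key line into (options, rest); options is '' when there are none."""
    if line.startswith(("ssh-", "ecdsa-", "sk-")):
        return "", line
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"' and line[i - 1:i] != "\\":
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            return line[:i], line[i:].lstrip()
    return line, ""

def from_patterns(options):
    m = re.search(r'(?:^|,)from="([^"]*)"', options, re.IGNORECASE)
    return m.group(1).split(",") if m else None  # None: key has no from= option

def pattern_matches(pattern, addr):
    if "/" in pattern:  # CIDR form, e.g. 203.0.113.0/24
        return ipaddress.ip_address(addr) in ipaddress.ip_network(pattern, strict=False)
    # Otherwise sshd wildcards: '*' is any run of characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, addr) is not None

def source_allowed(patterns, addr):
    """Simplified from= decision on the client address only (no reverse-DNS names)."""
    if patterns is None:
        return True  # no from= option: the key works from any source address
    hit = any(pattern_matches(p, addr) for p in patterns if not p.startswith("!"))
    denied = any(pattern_matches(p[1:], addr) for p in patterns if p.startswith("!"))
    return hit and not denied

def audit(text, addr):
    """Yield (key comment, has_from, usable_from_addr) for each key line."""
    for line in map(str.strip, text.splitlines()):
        if line and not line.startswith("#"):
            options, rest = split_options(line)
            patterns = from_patterns(options)
            yield rest.split()[-1], patterns is not None, source_allowed(patterns, addr)
```

Calling `list(audit(SAMPLE, "203.0.113.173"))` shows which keys would stop working when traffic arrives from the backup address, and which keys carry no source restriction at all.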

