[nflug] ssh time/warner

Cyber Source peter at thecybersource.com
Wed Nov 14 10:40:09 EST 2007


Eric should check his ssh/dns settings, I saw that start with ssh on 
Fedora and then Ubuntu. I remember Jesse having an issue with exactly 
this. And after this response, I checked on the server that he was 
having an issue with and in the /etc/hosts.allow file, I see his dyndns 
entry commented and his IP put below it, hence the resolution to the 
problem we were having when it was based on his dynamic dns. I don't 
recall exactly why but I believe it was because reverse dns was at play. 
Anywho, Eric can give it a try and see how it goes.

Mark Musone wrote:
> That's not true. It shouldn't fail via reverse DNS checks (ssh doesn't
> verify reverse DNS, at least not by default).
> The key is not ip based, hence the whole point of ssh. It's certificate
> based, not ip based.
> hosts.allow does not come into play, as hosts.allow is only used by tcpd, the
> tcp wrapper. sshd typically runs as its own daemon (although you can run
> it under inetd (why would you want to do that??)).
>
> I use sshd with dynamic dns all the time at home (granted, it's behind a nat
> router, so the actual internal machine ip never changes).
>
> Mark
>
>
>
> -----Original Message-----
> From: nflug-bounces at nflug.org [mailto:nflug-bounces at nflug.org] On Behalf Of
> Cyber Source
> Sent: Wednesday, November 14, 2007 8:55 AM
> To: nflug at nflug.org
> Subject: Re: [nflug] ssh time/warner
>
> I'm not sure that's going to do what he wants (correct me if I'm wrong), 
> as it will fail when it checks via reverse dns, even if it was mapped to 
> another box, if it's not static somewhere, the key will fail when the IP 
> changes. I believe he wants to limit the connections available for ssh 
> using his /etc/hosts.allow file. The best way I've found is to go with a 
> broad range like "69.71.", as the first 2 octets will probably never 
> change. He's just looking for the range(s) that they may use locally 
> here. I'm not sure myself. When it was Adelphia, you could always count 
> on 24., now with TW, I see all sorts, 69., 71., etc.
>
> Robert Wolfe wrote:
>   
>> Well, I usually use dyndns.org to handle all of that for me :)  I have 
>> a Windows Server 2003 box running the DynDns.org update client (the 
>> same machine that my BBS runs on) and it works perfectly (granted my 
>> Linux server runs in a VMWare box <G>).
>>
>> eric wrote:
>>     
>>> I'd like to cut down the possible network connections over the 
>>> internet for access to a ssh server.
>>> I can't afford a static ip so I was wondering if anyone knew the range 
>>> of internet ip's handed out to users from time/warner ...I'm pretty 
>>> sure my DNS servers are coming from Lackawanna?
>>>
>>> Thanks in advance,
>>> Eric
>>> _______________________________________________
>>> nflug mailing list
>>> nflug at nflug.org
>>> http://www.nflug.org/mailman/listinfo/nflug
>>>       
>   
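
Added example, not part of the original thread: a simplified Python model of the client-pattern matching documented in hosts_access(5), showing why a dynamic DNS name in /etc/hosts.allow can fail to match while an address or prefix entry matches. The host names, addresses and function names are constructed for illustration, and the model assumes an sshd built with TCP wrappers support.

```python
# Simplified model of hosts_access(5) client matching (TCP wrappers).
# All host names and addresses below are constructed sample values.

def pattern_matches(pattern, client_ip, ptr_name):
    """Match one hosts.allow client pattern.

    ptr_name is the name the reverse (PTR) lookup of client_ip returned,
    or None if there is none. A host-name pattern is compared with that
    name, not with the address the pattern itself resolves to.
    """
    if pattern == "ALL":
        return True
    if pattern.endswith("."):                # address prefix, e.g. "69.71."
        return client_ip.startswith(pattern)
    if pattern.replace(".", "").isdigit():   # full address
        return client_ip == pattern
    if ptr_name is None:
        return False
    name = ptr_name.lower()
    if pattern.startswith("."):              # domain suffix
        return name.endswith(pattern.lower())
    return name == pattern.lower()           # exact host name


def allowed(patterns, client_ip, ptr_name):
    """True if any pattern of an 'sshd: ...' line admits the client."""
    return any(pattern_matches(p, client_ip, ptr_name) for p in patterns)


# Constructed scenario: the dynamic DNS name points at the current address,
# but the ISP's PTR record for that address carries the ISP's own name.
DYN_NAME = "home.dyndns.example"
IP_NOW, PTR_NOW = "69.71.10.20", "cpe-69-71-10-20.isp.example"
IP_NEW, PTR_NEW = "69.71.200.7", "cpe-69-71-200-7.isp.example"

if __name__ == "__main__":
    rules = [("dynamic DNS name", [DYN_NAME]),
             ("single address", [IP_NOW]),
             ("two-octet prefix", ["69.71."])]
    for label, patterns in rules:
        print(f"{label:18} now={allowed(patterns, IP_NOW, PTR_NOW)!s:5} "
              f"after change={allowed(patterns, IP_NEW, PTR_NEW)}")
```

A two-octet prefix admits every address under it, so it narrows exposure to one provider range rather than to one host.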

