Re: [vserver] sshd configuration

From: Herbert Poetzl <herbert_at_13thfloor.at>
Date: Wed 12 Sep 2007 - 19:12:38 BST
Message-ID: <20070912181238.GA28459@MAIL.13thfloor.at>

On Wed, Sep 12, 2007 at 05:49:35AM -0500, roymathew@bellsouth.net wrote:
> Hi folks,
>
> I got sshd configured and it seems to be working correctly in my
> vserver. I can ssh from host->VPS and VPS->host
>
> -------------------- hosts sshd_config --------------------
> ListenAddress 192.168.1.100 # external address
> ListenAddress 10.1.1.1 # host dummy0 address
> ListenAddress 127.0.0.1 # so I can use localhost

> -------------------- guests sshd_config --------------------
> ListenAddress 10.1.1.2 # VPS dummy0 address
> ListenAddress 127.0.0.1 # so I can use localhost

you need 2.3.0.18+ for that to work properly, before
that you want to consider 'localhost' identical to the
first assigned ip (probably 10.1.1.2)

> My questions:
>
> 1. Is it ok to have multiple ListenAddress directives per VPS.

yes, but only if you have several IPs assigned, and
in general, it is _much_ simpler and easier to maintain
when you bind to 0.0.0.0 inside a guest as Linux-VServer
will restrict the guest to the assigned IPs anyways

> 2. I assume that the same address cannot be used in more than one
> sshd_config (ie: host and guest cannot have the same IP specified, and
> that 127.0.0.1 is the only exception to this rule). Correct?

that is correct, and the exception for 127.0.0.1 is
done either by remapping to the first IP (without lback)
or by using the lback address (recent devel kernels)

> 3. When I try to ssh from another machine on the same subnet to
> 192.168.1.100, I get:
> The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.
> RSA key fingerprint is 10:84:de:66:9d:fb:83:fd:12:ce:7d:b8:dc:c3:68:cd.
> Are you sure you want to continue connecting (yes/no)? yes
> Warning: Permanently added '192.168.1.100' (RSA) to the list of known hosts.
> Connection closed by 192.168.1.100
> ie: a timeout, it appears. What gives?

timeouts can be caused by all kinds of things, most likely
here the reverse name lookup sshd usually does (for the
IP) somehow fails (probably because of your setup)

best verify that by running sshd in debug mode

HTH,
Herbert

> Thanks,
> Roy.
>
Received on Wed Sep 12 19:12:48 2007
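
Added example, not part of the original message: a small shell check for question 2 that lists every address both the host's and a guest's sshd_config would bind, skipping 127.0.0.1. The function names and the wildcard handling (a host on 0.0.0.0, or with no ListenAddress at all, is treated as covering every guest address) are assumptions of this example; entries are assumed to be plain IPv4 addresses without a port, as in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): find addresses that both the host's
# and a guest's sshd_config try to bind.

# Print the ListenAddress values of one sshd_config, one per line.
# Keywords are matched case-insensitively; anything after '#' is dropped.
listen_addrs() {
    awk '{ sub(/#.*/, "") }
         tolower($1) == "listenaddress" { print $2 }' "$1" | sort -u
}

# Print every guest address the host sshd would also bind.
# 127.0.0.1 is skipped: it is the exception confirmed in the reply.
# Assumption of this example: a host on 0.0.0.0, or with no ListenAddress
# at all (sshd then listens on all addresses), covers every guest address.
shared_addrs() {
    host_list=$(listen_addrs "$1")
    for addr in $(listen_addrs "$2"); do
        [ "$addr" = "127.0.0.1" ] && continue
        if [ -z "$host_list" ] ||
           printf '%s\n' "$host_list" | grep -Fxq -e 0.0.0.0 -e "$addr"; then
            printf '%s\n' "$addr"
        fi
    done
}

# Usage: sh check_listen.sh HOST_SSHD_CONFIG GUEST_SSHD_CONFIG
if [ "$#" -eq 2 ]; then
    clash=$(shared_addrs "$1" "$2")
    if [ -n "$clash" ]; then
        echo "bound by both host and guest: $clash"
        exit 1
    fi
    echo "no shared ListenAddress"
fi
```

A guest that binds 0.0.0.0, as the reply recommends, is only reported when the host config is a wildcard as well.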
