ssh to computer with variable ip address
I now have a working ssh connection to a computer on my subnet by using the (hardwired) ip address in the known_hosts file. How can ssh be used to connect to a computer with a (variable) dhcp-assigned ip address, given that the ip address can change at any time? Thanks, Dave Feustel -- Lose, v., experience a loss, get rid of, lose the weight Loose, adj., not tight, let go, free, loose clothing
Re: ssh to computer with variable ip address
On Sun, Jan 15, 2006 at 11:45:35AM -0500, Dave Feustel wrote: I now have a working ssh connection to a computer on my subnet by using the (hardwired) ip address in the known_hosts file. How can ssh be used to connect to a computer with a (variable) dhcp-assigned ip address, given that the ip address can change at any time? I do this although not on a LAN with DHCP addressing but on the Internet on several computers registering to a self-made lookup service. On a LAN with DHCP you may be able to configure Dynamic DNS to identify what hosts have what IP address. You should take care of the StrictHostKeyChecking which will complain that a known hosts will have a different Public Host Key. You'll get those this could mean a man-in-middle attack type messages which you'll have to ignore and possibly edit the .ssh/known_hosts to get rid of any entries there. Also you won't really know for sure what host is what so it's probably safer to resort to rsa/dsa key authentication as password authentication should be avoided since the host behind an IP could be a malicious host with purpose to gobble up passwords. Cheers, -peter
Re: ssh to computer with variable ip address
On 1/15/06, Dave Feustel [EMAIL PROTECTED] wrote: How can ssh be used to connect to a computer with a (variable) dhcp-assigned ip address, given that the ip address can change at any time? Your problem is not with SSH. Although I cannot say whether your situation will allow for it, try obtaining a fixed hostname to connect to. You may want to look into the dynamic DNS updates facilitated through ISC's dhcpd (from ports) and BIND and start from there. The BIND ARM and port's documents should provide enough information. You may not need ISC dhcpd. That is, if the in-base dhcpd also contains the dynamic update features. Last time I checked [1], it didn't. I do not know why they are not implemented; possibly because their use isn't too widespread to make it worhwhile to code. If the dynamic DNS above is not applicable to your situation, you may want to look into dynamic DNS clients e.g. dyndns.org [2], although I cannot vouch for their service. Cheers, Rogier References: 1. MARC - 'ddns dhcp' in openbsd-misc http://marc.theaimsgroup.com/?l=openbsd-miscm=110353569711035w=2 2. DynDNS - Dynamic DNS http://www.dyndns.com/services/dns/dyndns/ -- If you don't know where you're going, any road will get you there.
Re: ssh to computer with variable ip address
On Sunday 15 January 2006 12:14, Peter Philipp wrote: On Sun, Jan 15, 2006 at 11:45:35AM -0500, Dave Feustel wrote: I now have a working ssh connection to a computer on my subnet by using the (hardwired) ip address in the known_hosts file. How can ssh be used to connect to a computer with a (variable) dhcp-assigned ip address, given that the ip address can change at any time? I do this although not on a LAN with DHCP addressing but on the Internet on several computers registering to a self-made lookup service. On a LAN with DHCP you may be able to configure Dynamic DNS to identify what hosts have what IP address. You should take care of the StrictHostKeyChecking which will complain that a known hosts will have a different Public Host Key. You'll get those this could mean a man-in-middle attack type messages which you'll have to ignore and possibly edit the .ssh/known_hosts to get rid of any entries there. Also you won't really know for sure what host is what so it's probably safer to resort to rsa/dsa key authentication as password authentication should be avoided since the host behind an IP could be a malicious host with purpose to gobble up passwords. Cheers, -peter Thanks, Peter! I got this working internally by using the ip address of the internal ethernet adaptor. I have in the past just posted dhcp-assigned ip addresses of http servers on my public website where they could be used as indirect addressing. -- Lose, v., experience a loss, get rid of, lose the weight Loose, adj., not tight, let go, free, loose clothing
Re: ssh to computer with variable ip address
Do you have a ssh server with static ip address anywhere ? If so, make the client with dynamic ip address log into your server at startup and make a port forward back to the ssh port on the client. Very handy trick when you need to manage boxes sitting behind others nat'ing firewalls. -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-
Re: ssh to computer with variable ip address
On 2006/01/15 20:55, tony sarendal wrote: Do you have a ssh server with static ip address anywhere ? If so, make the client with dynamic ip address log into your server at startup and make a port forward back to the ssh port on the client. Very handy trick when you need to manage boxes sitting behind others nat'ing firewalls. autossh (in ports) can help with this. An alternative is to connect them in a VPN. You can make do with just dynamic addresses at both sides if you are prepared to trust some 'dynamic dns' provider (openvpn can be set to make a new DNS query each time a connection times-out). Another alternative is to run IPv6 to some tunnel-broker that supports dynamic clients (e.g. sixxs in Europe).
Re: ssh to computer with variable ip address
On 15/01/06, Stuart Henderson [EMAIL PROTECTED] wrote: On 2006/01/15 20:55, tony sarendal wrote: Do you have a ssh server with static ip address anywhere ? If so, make the client with dynamic ip address log into your server at startup and make a port forward back to the ssh port on the client. Very handy trick when you need to manage boxes sitting behind others nat'ing firewalls. autossh (in ports) can help with this. My while-true-do loop hasn't failed me yet, never looked for a port since a few line shell script does the trick reliably. -- Tony Sarendal - [EMAIL PROTECTED] IP/Unix -= The scorpion replied, I couldn't help it, it's my nature =-