--- h/w, s/w ---
SPARC, Sol7
ssh: SSH Version 2.0.13
--- end ---


Hi,

I have two hosts (a and b), each has two NICs (hme0 and qfe0).
/etc/inet/hosts looks like this:

--- node a ---
#
# Internet host table
#
127.0.0.1       localhost

10.0.0.6      a    a-qfe0
10.0.0.7      a-hme0

10.0.0.8      b    b-qfe0
10.0.0.9      b-hme0
--- end ---

(No DNS is enabled, nsswitch.conf says files alone.
Each machine responds either a or b to the command hostname.)


When I set up hostbased auth I ran into trouble.

<a># ssh root@b ls

Produces the following on node a's sshd (debug ena) server.

--- sshd2 -v ---
debug: Ssh2AuthHostBasedServer/auths-hostbased.c:153: Client gave us a hostname ('b.') which doesn't match the one we got from DNS ('b-hme0.')
.
.
debug: Ssh2Common/sshcommon.c:122: DISCONNECT<deleted>
.
--- end ---

Let's start from the bottom..
The server says it "doesn't match the one we got from DNS ('b-hme0.')".

This is not so hard to grasp, the hme0 interface is the default
interface of host b.
All outgoing sessions with origin from host b go out through the hme0
interface.

The server also says "Client gave us a hostname ('b.')".

Ok, so I modified the /etc/inet/hosts on the server, aliased b-hme0 -> b:

10.0.0.8      b    b-qfe0
10.0.0.9      b-hme0    b

What a smarty ey.. ((: but it had no effect.

But this did the trick.

10.0.0.8      b    b-qfe0
10.0.0.9      b    b-hme0

This last uglyfication of the hosts file made it all work but what did
really happen?

When the client (b) connects with the server (a) the following happens (I
think..).

When the client connects to the server it finds out the hostname of the
host by executing `hostname`, which returns 'b'.
The server receives the request from the client, the request originates
from the IP 10.0.0.9.
The server looks up the name of the client's IP and finds this
line in the hosts file. "10.0.0.09      b-hme0"

The server says, wrong hostname.. disconnecting!

Why did not the first modification of the hosts file work?
The operating system should not have complained about the alias. I get a
feeling that the sshd does not trust the OS with this and does this file
checking itself.
However, not compliant with the OS standard..

Bug or a feature(?)

Anyway, it would be extremely useful to be able to tell the client from
which IP/hostname (pref both) it should originate.
 


rgds

/PL
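
Added example, not part of the original post and not SSH's own code: a small Python model of the name check the debug output describes, run against the three hosts-file variants shown in the post. It assumes a files-only reverse lookup that returns the first name on the matching line as the canonical name, and that the server compares the client-supplied name against that canonical name only, ignoring aliases; the function names are hypothetical.

```python
# Added illustration. Assumptions: reverse lookup is files-only and returns the
# first name on the matching line; aliases are not used for the comparison.

def parse_hosts(text):
    """Return {ip: [canonical, alias, ...]}; the first line for an IP wins."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2:
            table.setdefault(fields[0], fields[1:])
    return table

def norm(name):
    """Compare names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def hostbased_name_check(hosts_text, peer_ip, claimed_name):
    """Return (accepted, canonical_name_found_for_peer_ip)."""
    names = parse_hosts(hosts_text).get(peer_ip)
    if not names:
        return False, None          # no reverse mapping: reject
    canonical = names[0]
    return norm(canonical) == norm(claimed_name), canonical

# Host b's entries on node a, in the three states described in the post.
ORIGINAL = """
10.0.0.8      b    b-qfe0
10.0.0.9      b-hme0
"""
ALIAS_ADDED = """
10.0.0.8      b    b-qfe0
10.0.0.9      b-hme0    b
"""
CANONICAL_CHANGED = """
10.0.0.8      b    b-qfe0
10.0.0.9      b    b-hme0
"""

if __name__ == "__main__":
    # The client connects from 10.0.0.9 and claims the name 'b.'
    for label, hosts in [("original", ORIGINAL),
                         ("alias added", ALIAS_ADDED),
                         ("canonical changed", CANONICAL_CHANGED)]:
        ok, found = hostbased_name_check(hosts, "10.0.0.9", "b.")
        print(f"{label:18} reverse={found!r:10} accepted={ok}")
```

Under these assumptions only the third variant passes, because it is the only one where the first name listed for 10.0.0.9 is `b`.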
