View previous topic :: View next topic |
Author |
Message |
Robert S Guru
Joined: 15 Aug 2004 Posts: 460 Location: Canberra Australia
|
Posted: Sat Nov 05, 2016 3:02 am Post subject: SSH - can't use server name to log in |
|
|
When I try to log into my server from another linux box I need to use the IP address - it repeatedly asks me for my password:
Quote: | my_name@client-machine ~ $ ssh my_server
Password:
Password:
Password:
Permission denied (publickey,keyboard-interactive).
my_name@client-machine ~ $ ssh 192.168.0.40
Password:
my_name@my_server ~ $
|
Nothing shows up in my server logs when I use the server name from the client machine, but if I use the server IP address, I get logged in:
Quote: | Nov 5 13:58:12 my_server sshd[4721]: SSH: Server;Ltype: Version;Remote: 192.168.0.28-40973;Protocol: 2.0;Client: OpenSSH_7.1p1-hpn14v9
Nov 5 13:58:12 my_server sshd[4721]: SSH: Server;Ltype: Kex;Remote: 192.168.0.28-40973;Enc: chacha20-poly1305@openssh.com;MAC: <implicit>;Comp: none [preauth]
Nov 5 13:58:15 my_server sshd[4721]: Accepted keyboard-interactive/pam for my_name from 192.168.0.28 port 40973 ssh2
Nov 5 13:58:15 my_server sshd[4721]: pam_unix(sshd:session): session opened for user my_name by (uid=0)
|
Can somebody solve this long standing mystery? |
|
Back to top |
|
|
Buffoon Veteran
Joined: 17 Jun 2015 Posts: 1369 Location: EU or US
|
Posted: Sat Nov 05, 2016 3:12 am Post subject: |
|
|
You sure my_server resolves to 192.168.0.40?
How about running the client with -v switch. |
|
Back to top |
|
|
Robert S Guru
Joined: 15 Aug 2004 Posts: 460 Location: Canberra Australia
|
Posted: Sat Nov 05, 2016 3:29 am Post subject: |
|
|
Yes - my_server does resolve to 192.168.0.40.
Here's the debug output:
Quote: | my_name@gentoo-lvm ~ $ ssh my_server -v
OpenSSH_7.1p1-hpn14v9, OpenSSL 1.0.2e 3 Dec 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to my_server [127.0.0.1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/my_name/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my_name/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my_name/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my_name/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my_name/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my_name/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my_name/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my_name/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1p1-hpn14v9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1p1-hpn14v9
debug1: match: OpenSSH_7.1p1-hpn14v9 pat OpenSSH* compat 0x04000000
debug1: Authenticating to my_server:22 as 'my_name'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com'
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com'
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:UQebciQg0IIHvFUHG8Yz77oZkZAQNO48emvXROI+5Cg
debug1: Host 'my_server' is known and matches the ECDSA host key.
debug1: Found key in /home/my_name/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/my_name/.ssh/id_rsa
debug1: Trying private key: /home/my_name/.ssh/id_dsa
debug1: Trying private key: /home/my_name/.ssh/id_ecdsa
debug1: Trying private key: /home/my_name/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentications that can continue: publickey,keyboard-interactive
Password:
|
|
|
Back to top |
|
|
Buffoon Veteran
Joined: 17 Jun 2015 Posts: 1369 Location: EU or US
|
Posted: Sat Nov 05, 2016 3:35 am Post subject: |
|
|
Code: | debug1: Connecting to my_server [127.0.0.1] port 22. |
See the IP address? |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54216 Location: 56N 3W
|
Posted: Sat Nov 05, 2016 10:18 am Post subject: |
|
|
Robert S,
Populate /etc/hosts or make your local nameserver resolve the name to the IP address. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
Robert S Guru
Joined: 15 Aug 2004 Posts: 460 Location: Canberra Australia
|
Posted: Sat Nov 05, 2016 11:47 am Post subject: |
|
|
I don't quite understand this. If I ping my server it resolves to the correct address:
Quote: | $ ping my_server
PING my_server.mydomain.com.au (192.168.0.40) 56(84) bytes of data.
64 bytes from my_server.mydomain.com.au (192.168.0.40): icmp_seq=1 ttl=64 time=0.097 ms
64 bytes from my_server.mydomain.com.au (192.168.0.40): icmp_seq=2 ttl=64 time=0.109 ms
64 bytes from my_server.mydomain.com.au (192.168.0.40): icmp_seq=3 ttl=64 time=0.120 ms
64 bytes from my_server.mydomain.com.au (192.168.0.40): icmp_seq=4 ttl=64 time=0.235 ms
|
|
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54216 Location: 56N 3W
|
Posted: Sat Nov 05, 2016 1:19 pm Post subject: |
|
|
Robert S,
Tell us about your local nameserver.
192.168.0.40 is a non routable address, so the internet should not be involved.
Does Code: | ssh -v my_server.mydomain.com.au | give you the correct IP?
Why does ping return a fully qualified domain name (including mydomain.com.au) for a non routable address?
Perhaps it is pinging your public IP?
Lots of people are going to be upset if you have a public A record pointing to 192.168.0.40.
Its harmless but it will only work from your own network. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
Robert S Guru
Joined: 15 Aug 2004 Posts: 460 Location: Canberra Australia
|
Posted: Sun Nov 06, 2016 9:44 am Post subject: SSH - can't use server name to log in [SOLVED] |
|
|
Think I've solved this - replaced Quote: | 127.0.0.1 myserver myserver.mydomain.com.au localhost | with Quote: | 127.0.0.1 localhost | in /etc/hosts in the server |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54216 Location: 56N 3W
|
Posted: Sun Nov 06, 2016 10:24 am Post subject: |
|
|
Robert S,
You may also need an entry for
Code: | 192.168.0.40 my_server my_server.mydomain.com.au |
on my_server so that it can look up its own real IP.
Depending on what you are running on my_server, you can get a range of problems from long startup times, to things not starting at all. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
Robert S Guru
Joined: 15 Aug 2004 Posts: 460 Location: Canberra Australia
|
Posted: Sun Nov 06, 2016 11:44 am Post subject: |
|
|
I've already done that. Had problems with long startup times (eg. sendmail) a long time ago. |
|
Back to top |
|
|
|