Gentoo Forums
SSH - can't use server name to log in

Robert S
Guru
Joined: 15 Aug 2004
Posts: 443
Location: Canberra Australia

Posted: Sat Nov 05, 2016 3:02 am    Post subject: SSH - can't use server name to log in

When I try to log into my server from another Linux box I need to use the IP address - it repeatedly asks me for my password:
Quote:
my_name@client-machine ~ $ ssh my_server
Password:
Password:
Password:
Permission denied (publickey,keyboard-interactive).
my_name@client-machine ~ $ ssh 192.168.0.40
Password:
my_name@my_server ~ $

Nothing shows up in my server logs when I use the server name from the client machine, but if I use the server IP address, I get logged in:
Quote:
Nov 5 13:58:12 my_server sshd[4721]: SSH: Server;Ltype: Version;Remote: 192.168.0.28-40973;Protocol: 2.0;Client: OpenSSH_7.1p1-hpn14v9
Nov 5 13:58:12 my_server sshd[4721]: SSH: Server;Ltype: Kex;Remote: 192.168.0.28-40973;Enc: chacha20-poly1305@openssh.com;MAC: <implicit>;Comp: none [preauth]
Nov 5 13:58:15 my_server sshd[4721]: Accepted keyboard-interactive/pam for my_name from 192.168.0.28 port 40973 ssh2
Nov 5 13:58:15 my_server sshd[4721]: pam_unix(sshd:session): session opened for user my_name by (uid=0)

Can somebody solve this long-standing mystery?

Buffoon
Veteran
Joined: 17 Jun 2015
Posts: 1074
Location: EU or US

Posted: Sat Nov 05, 2016 3:12 am

You sure my_server resolves to 192.168.0.40?
How about running the client with the -v switch?

Robert S
Guru
Joined: 15 Aug 2004
Posts: 443
Location: Canberra Australia

Posted: Sat Nov 05, 2016 3:29 am

Yes - my_server does resolve to 192.168.0.40.

Here's the debug output:
Quote:
my_name@gentoo-lvm ~ $ ssh my_server -v
OpenSSH_7.1p1-hpn14v9, OpenSSL 1.0.2e 3 Dec 2015
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to my_server [127.0.0.1] port 22.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home/my_name/.ssh/id_rsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my_name/.ssh/id_rsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my_name/.ssh/id_dsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my_name/.ssh/id_dsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my_name/.ssh/id_ecdsa type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my_name/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my_name/.ssh/id_ed25519 type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home/my_name/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.1p1-hpn14v9
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.1p1-hpn14v9
debug1: match: OpenSSH_7.1p1-hpn14v9 pat OpenSSH* compat 0x04000000
debug1: Authenticating to my_server:22 as 'my_name'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: AUTH STATE IS 0
debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com'
debug1: kex: server->client chacha20-poly1305@openssh.com <implicit> none
debug1: REQUESTED ENC.NAME is 'chacha20-poly1305@openssh.com'
debug1: kex: client->server chacha20-poly1305@openssh.com <implicit> none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:UQebciQg0IIHvFUHG8Yz77oZkZAQNO48emvXROI+5Cg
debug1: Host 'my_server' is known and matches the ECDSA host key.
debug1: Found key in /home/my_name/.ssh/known_hosts:1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/my_name/.ssh/id_rsa
debug1: Trying private key: /home/my_name/.ssh/id_dsa
debug1: Trying private key: /home/my_name/.ssh/id_ecdsa
debug1: Trying private key: /home/my_name/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
Password:
debug1: Authentications that can continue: publickey,keyboard-interactive
Password:

Buffoon
Veteran
Joined: 17 Jun 2015
Posts: 1074
Location: EU or US

Posted: Sat Nov 05, 2016 3:35 am

Code:
debug1: Connecting to my_server [127.0.0.1] port 22.


See the IP address?

NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 42563
Location: 56N 3W

Posted: Sat Nov 05, 2016 10:18 am

Robert S,

Populate /etc/hosts or make your local nameserver resolve the name to the IP address.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Robert S
Guru
Joined: 15 Aug 2004
Posts: 443
Location: Canberra Australia

Posted: Sat Nov 05, 2016 11:47 am

I don't quite understand this. If I ping my server it resolves to the correct address:
Quote:
$ ping my_server
PING my_server.mydomain.com.au (192.168.0.40) 56(84) bytes of data.
64 bytes from my_server.mydomain.com.au (192.168.0.40): icmp_seq=1 ttl=64 time=0.097 ms
64 bytes from my_server.mydomain.com.au (192.168.0.40): icmp_seq=2 ttl=64 time=0.109 ms
64 bytes from my_server.mydomain.com.au (192.168.0.40): icmp_seq=3 ttl=64 time=0.120 ms
64 bytes from my_server.mydomain.com.au (192.168.0.40): icmp_seq=4 ttl=64 time=0.235 ms

NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 42563
Location: 56N 3W

Posted: Sat Nov 05, 2016 1:19 pm

Robert S,

Tell us about your local nameserver.
192.168.0.40 is a non-routable address, so the internet should not be involved.

Does
Code:
ssh -v my_server.mydomain.com.au
give you the correct IP?

Why does ping return a fully qualified domain name (including mydomain.com.au) for a non-routable address?
Perhaps it is pinging your public IP?

Lots of people are going to be upset if you have a public A record pointing to 192.168.0.40.
It's harmless but it will only work from your own network.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Robert S
Guru
Joined: 15 Aug 2004
Posts: 443
Location: Canberra Australia

Posted: Sun Nov 06, 2016 9:44 am    Post subject: SSH - can't use server name to log in [SOLVED]

Think I've solved this - replaced
Quote:
127.0.0.1 myserver myserver.mydomain.com.au localhost
with
Quote:
127.0.0.1 localhost
in /etc/hosts in the server

NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 42563
Location: 56N 3W

Posted: Sun Nov 06, 2016 10:24 am

Robert S,

You may also need an entry for
Code:
192.168.0.40  my_server  my_server.mydomain.com.au

on my_server so that it can look up its own real IP.

Depending on what you are running on my_server, you can get a range of problems from long startup times, to things not starting at all.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
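
Added example, not part of any post in this thread: a shell check for the misconfiguration found here, a machine's real hostname listed on the 127.0.0.1 line of /etc/hosts, so that the name resolves to the loopback address instead of the LAN address. The function names and temporary files are constructed for illustration; the hosts lines are the ones quoted in the posts above.

```shell
#!/bin/sh
# Added example: audit a hosts file for real hostnames bound to loopback.

# loopback_names FILE: print "address name" for each name on a 127.0.0.0/8
# or ::1 line that is not one of the usual localhost aliases.
loopback_names() {
    awk '
        { sub(/#.*/, "") }              # drop comments
        NF < 2 { next }                 # blank or address-only line
        $1 ~ /^127\.[0-9]+\.[0-9]+\.[0-9]+$/ || $1 == "::1" {
            for (i = 2; i <= NF; i++) {
                n = tolower($i)
                if (n ~ /^(localhost|ip6-localhost|ip6-loopback)$/) continue
                if (n ~ /^localhost\./) continue
                print $1, $i
            }
        }
    ' "$1"
}

# addresses_for FILE NAME: print every address the file maps NAME to.
addresses_for() {
    awk -v want="$2" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(want)) print $1 }
    ' "$1"
}

# Constructed sample files holding the hosts lines quoted in the thread:
# the entry before the fix, and the entries after it.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '127.0.0.1 myserver myserver.mydomain.com.au localhost' > "$tmp/before"
printf '%s\n' '127.0.0.1 localhost' \
              '192.168.0.40  my_server  my_server.mydomain.com.au' > "$tmp/after"

echo "before the fix, names on loopback:"
loopback_names "$tmp/before"
echo "after the fix, names on loopback:"
loopback_names "$tmp/after"
echo "after the fix, my_server maps to: $(addresses_for "$tmp/after" my_server)"
```

To audit a live system, call `loopback_names /etc/hosts`; any line it prints is a name that will connect to the local sshd rather than the intended host.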

Robert S
Guru
Joined: 15 Aug 2004
Posts: 443
Location: Canberra Australia

Posted: Sun Nov 06, 2016 11:44 am

I've already done that. Had problems with long startup times (e.g. sendmail) a long time ago.