[clug] ~/.ssh/authorized_keys and dynDNS
Andrew Janke
a.janke at gmail.com
Tue Jul 24 12:20:15 GMT 2007
Hi all,
Just wondering if someone else has got around this problem once before..
I use dynDNS at home and want to set up an rsync from work (static IP)
to home (dynamic with port-forwarding from cheap router to Linux
machine) without passwords. Ideally I will use dirvish once I have
this all sorted out.
So, I set up the key, set up a command filter and it all works nicely.
The key looks as such in ~/.ssh/authorized_keys on the work (Static
IP) machine:
command="~/bin/vrsync.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAB3NzaC1yc2EA.......
where ~/bin/vrsync.sh looks like this:
#! /bin/sh
#
# Yes the error message is misleading
case "$SSH_ORIGINAL_COMMAND" in
    # Refuse any request that contains a shell metacharacter
    *\&*)
        echo "Destination Host Unreachable"
        ;;
    *\(*)
        echo "Destination Host Unreachable"
        ;;
    *\{*)
        echo "Destination Host Unreachable"
        ;;
    *\;*)
        echo "Destination Host Unreachable"
        ;;
    *\<*)
        echo "Destination Host Unreachable"
        ;;
    *\`*)
        echo "Destination Host Unreachable"
        ;;
    # Allow only the rsync server invocation with these exact flags
    rsync\ --server\ --sender\ -vlogDtpr\ *)
        # Left unquoted so the shell splits it into words and runs it
        $SSH_ORIGINAL_COMMAND
        ;;
    # Everything else is refused
    *)
        echo "ssh: Destination Host Unreachable"
        ;;
esac
So this all works nicely, but I am paranoid so want to add something like this:
command="~/bin/vrsync.sh",from="xxxxx.selfip.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAB3NzaC....
Note the added from="" thingo. Now this fails as the hostname does
not resolve correctly.. I get errors in /var/log/auth.log as such:
Jul 24 22:14:47 xxxxx sshd[6174]: Authentication tried for xxxx with correct key but not from a permitted host (host=WW-XX-YY-ZZ.dyn.iinet.net.au, ip=WW.XX.YY.ZZ).
In this case the WW.XX.YY.ZZ does match in the log, so it is not that.
I suspect it is the reverse lookup of xxxxx.selfip.com
Is there some way to turn this off in authorized_keys or should I just
write some other script that updates authorized_keys with the correct
IP from time to time? (which incidentally is how I currently update
/etc/hosts.allow on the static IP work machine so that I can log in
from home, unless someone can suggest something better).
ta
--
Andrew Janke (a.janke at gmail.com || http://a.janke.googlepages.com/)
Canberra->Australia +61 (402) 700 883
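
Added example, not part of the original post: one way to write the "script that updates authorized_keys with the correct IP" that the message asks about. sshd checks from= against the connecting client's IP address or its reverse-resolved name (the host= value in the log line above), so this script resolves the dynDNS name itself and writes the resulting address into from="...". It assumes the key line already has a from= option and ends in a unique comment (the made-up tag home-rsync); the function and script names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. The key comment used as a tag
# ("home-rsync") and the script name are assumptions.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# resolve_ipv4 HOST: first IPv4 address the system resolver returns for HOST.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# update_from FILE TAG IP: set from="IP" on the one key line whose trailing
# comment is TAG. Returns 2 for a bad IP, 3 if not exactly one line matched.
update_from() {
    file=$1 tag=$2 ip=$3
    is_ipv4 "$ip" || { echo "refusing non-IPv4 value: $ip" >&2; return 2; }
    tmp=$(mktemp "$file.XXXXXX") || return 1   # same directory, mode 0600
    awk -v tag="$tag" -v ip="$ip" '
        !/^#/ && $NF == tag && /from="[^"]*"/ {
            sub(/from="[^"]*"/, "from=\"" ip "\""); n++
        }
        { print }
        END { exit (n == 1 ? 0 : 3) }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 3; }
    if cmp -s "$file" "$tmp"; then rm -f "$tmp"; return 0; fi
    mv "$tmp" "$file"          # rename, so sshd never reads a partial file
}

# Cron entry point: update-from.sh FILE TAG HOSTNAME
if [ "$#" -eq 3 ]; then
    ip=$(resolve_ipv4 "$3") && update_from "$1" "$2" "$ip"
fi
```

Run from cron on the static-IP machine as, for example, update-from.sh ~/.ssh/authorized_keys home-rsync xxxxx.selfip.com. Between an address change at home and the next run the key is simply refused, and a failed or malformed lookup leaves the file untouched.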