[clug] ~/.ssh/authorized_keys and dynDNS

Andrew Janke a.janke at gmail.com
Tue Jul 24 12:20:15 GMT 2007

Hi all,

Just wondering if someone else has got around this problem once before..

I use dynDNS at home and want to set up an rsync from work (static IP)
to home (dynamic with port-forwarding from cheap router to Linux
machine) without passwords.  Ideally I will use dirvish once I have
this all sorted out.

So, I set up the key, set up a command filter and it all works nicely.
 The key looks as such in ~/.ssh/authorized_keys on the work (Static
IP) machine:

ssh-rsa AAAAB3NzaC1yc2EA.......

where ~/bin/vrsync.sh looks like this:

#! /bin/sh
# Yes the error message is misleading

      echo "Destination Host Unreachable"
      echo "Destination Host Unreachable"
      echo "Destination Host Unreachable"
      echo "Destination Host Unreachable"
      echo "Destination Host Unreachable"
      echo "Destination Host Unreachable"

   rsync\ --server\ --sender\ -vlogDtpr\ *)

      echo "ssh: Destination Host Unreachable"

So this all works nicely, but I am paranoid so want to add something like this:

ssh-rsa AAAAB3NzaC....

Note the added from="" thingo.  Now this fails as the hostname does
not resolve correctly.. I get errors in /var/log/auth.log as such:

Jul 24 22:14:47 xxxxx sshd[6174]: Authentication tried for xxxx with
correct key but not from a permitted host
(host=WW-XX-YY-ZZ.dyn.iinet.net.au, ip=WW.XX.YY.ZZ).

In this case the WW.XX.YY.ZZ does match in the log, so it is not that.
 I suspect it is the reverse lookup of xxxxx.selfip.com

Is there some way to turn this of in authorized_keys or should I just
write some other script that updates authorized_keys with the correct
IP from time to time? (which incidentally is how I currently update
/etc/hosts.allow on the static IP work machine so that I can log in
from home, unless someone can suggest something better).


Andrew Janke   (a.janke at gmail.com || http://a.janke.googlepages.com/)
Canberra->Australia    +61 (402) 700 883

More information about the linux mailing list