[clug] ~/.ssh/authorized_keys and dynDNS

Andrew Janke a.janke at gmail.com
Tue Jul 24 12:20:15 GMT 2007


Hi all,

Just wondering if someone else has got around this problem once before..

I use dynDNS at home and want to set up an rsync from work (static IP)
to home (dynamic with port-forwarding from cheap router to Linux
machine) without passwords.  Ideally I will use dirvish once I have
this all sorted out.

So, I set up the key, set up a command filter and it all works nicely.
The key looks as such in ~/.ssh/authorized_keys on the work (Static
IP) machine:

command="~/bin/vrsync.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAB3NzaC1yc2EA.......

where ~/bin/vrsync.sh looks like this:

#! /bin/sh
#
# Yes the error message is misleading

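# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND;
# refuse it if it contains any of these shell metacharacters
case "$SSH_ORIGINAL_COMMAND" in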
   *\&*)
      echo "Destination Host Unreachable"
      ;;
   *\(*)
      echo "Destination Host Unreachable"
      ;;
   *\{*)
      echo "Destination Host Unreachable"
      ;;
   *\;*)
      echo "Destination Host Unreachable"
      ;;
   *\<*)
      echo "Destination Host Unreachable"
      ;;
   *\`*)
      echo "Destination Host Unreachable"
      ;;

   # only the rsync server-side sender invocation with these exact flags is run
   rsync\ --server\ --sender\ -vlogDtpr\ *)
      $SSH_ORIGINAL_COMMAND
      ;;

   *)
      echo "ssh: Destination Host Unreachable"
      ;;
esac

So this all works nicely, but I am paranoid so want to add something like this:

command="~/bin/vrsync.sh",from="xxxxx.selfip.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa AAAAB3NzaC....

Note the added from="" thingo.  Now this fails as the hostname does
not resolve correctly.. I get errors in /var/log/auth.log as such:

Jul 24 22:14:47 xxxxx sshd[6174]: Authentication tried for xxxx with correct key but not from a permitted host (host=WW-XX-YY-ZZ.dyn.iinet.net.au, ip=WW.XX.YY.ZZ).

In this case the WW.XX.YY.ZZ does match in the log, so it is not that.
I suspect it is the reverse lookup of xxxxx.selfip.com.

Is there some way to turn this off in authorized_keys or should I just
write some other script that updates authorized_keys with the correct
IP from time to time? (which incidentally is how I currently update
/etc/hosts.allow on the static IP work machine so that I can log in
from home, unless someone can suggest something better).

ta


-- 
Andrew Janke   (a.janke at gmail.com || http://a.janke.googlepages.com/)
Canberra->Australia    +61 (402) 700 883
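
One way to do the "script that updates authorized_keys" idea from the message, as an added example that is not part of the original post: sshd compares from= patterns with the client's IP address and its reverse-resolved name, so the entry is rewritten with the address the dynDNS name currently resolves to. The function names, the script name sync-from.sh and the home.example.net placeholder are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Hypothetical names throughout.

# Print the first IPv4 address NAME resolves to (glibc getent); empty on failure.
resolve_ipv4() {
    getent ahostsv4 "$1" | awk 'NR == 1 { print $1 }'
}

# Succeed only for a dotted quad with every octet in 0..255, so nothing else
# (an empty lookup result, quotes, wildcards) can reach authorized_keys.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) > 3 || $i > 255) exit 1 }'
}

# set_from_ip FILE MARKER IP: on every non-comment line of FILE that contains
# MARKER, replace the existing from="..." value with IP, or prepend from="IP",
# when the entry has none. All other keys are left untouched.
set_from_ip() {
    file=$1 marker=$2 ip=$3
    is_ipv4 "$ip" || { echo "refusing to write from=\"$ip\"" >&2; return 1; }
    # Temp file in the same directory (mktemp creates it 0600) so mv is atomic.
    tmp=$(mktemp "$file.XXXXXX") || return 1
    awk -v m="$marker" -v ip="$ip" '
        index($0, m) && !/^#/ {
            if (match($0, /from="[^"]*"/))
                $0 = substr($0, 1, RSTART - 1) "from=\"" ip "\"" substr($0, RSTART + RLENGTH)
            else
                $0 = "from=\"" ip "\"," $0
        }
        { print }' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    mv "$tmp" "$file"
}

# Usage (e.g. from cron on the static-IP machine), home.example.net being a
# placeholder for the dynDNS name:
#   sync-from.sh ~/.ssh/authorized_keys home.example.net
if [ "$#" -eq 2 ]; then
    set_from_ip "$1" 'command="~/bin/vrsync.sh"' "$(resolve_ipv4 "$2")"
fi
```

If the lookup fails or returns anything other than a plain IPv4 address, the file is left as it was, so a DNS outage cannot widen or blank the restriction.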

