Post Comments
Comment Guidelines
All comments are moderated. The goal is not simply to eliminate
obnoxious stuff, but to only allow useful on-topic discussions -- it's not
a place to hang out. Moderation time is expected to be a day or two
in most cases, but I do take vacations.
Your comments will be read by me, but they may not be posted. In particular,
saying thanks or "you rock" or whatever is certainly appreciated, but I
won't add it to the public comments unless there's useful information there
for others. Comments that say "you suck" are much more likely to be posted,
as long as a reason is given that's somewhat productive.
Posting a comment is not a promise to keep it here forever, I may remove
any or all comments at any time.
I may edit postings for simple and obvious errors, and I may remove
profanity. Only listed HTML terms are allowed in messages. Name
and email address will be fully stripped or quoted to prevent HTML
tag usage and other possible abuses.
You can provide either a public or a private email address, or none
at all. Private addresses are good if you want a personal response from
me. I do not provide any automatic notification of new comments.
There is no re-editing after posting, however you can simply post again,
and hopefully I'll notice this in moderating, and will post the latest
version. If your post is already up, just add another post with any
corrections, and in most cases I'll put up both posts, rather than
hand-correcting the original.
*Email addresses are scrambled and encoded in a non-mailto URL.
People with javascript see a normal working email link, but robots
(and people) without javascript see a URL with gibberish in it.
This link is a sample with working javascript (clicking should bring up
a mailer), and this link is approximately how it looks without
javascript (click to see how your address will look to people without
javascript). If you view the source, you'll see they're all gibberish.
8 comments:
At 2021/05/27 14:57 Chris D wrote:
|
You say that, "Unfortunately there's no ssh_config pattern for hosts that means 'match all hostnames with no dot'". Have you considered this version?

    Host *.*
        Hostname %h
    Host *
        Hostname %h.example.com

Chris
|
At 2021/05/27 15:01 wrote:
|
No, I haven't tried that. It looks like it should work though. Thanks!
|
At 2021/06/20 19:53 Norm Gaywood wrote:
|
This was most helpful, thank you! Some time ago the default in Fedora in sshd_config for UseDNS changed from Yes to No. I found that I had to:

    sshd_config:UseDNS yes

Otherwise I'd get a log message like this:

    sshd[2540]: userauth_hostbased mismatch: client sends HOSTNAME, but we resolve 128.100.X.Y to 128.100.X.Y

See: https://utcc.utoronto.ca/~cks/space/blog/sysadmin/OpenSSHUseDNSErrorAnnoyance
|
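A triage sketch for the log message quoted in the comment above, added here as an example and not written by the commenter or the site author. It separates mismatch lines where the "resolved" value is just the client address again (no name was obtained, as happens with UseDNS off) from lines where a different name came back; the sample log lines, host names and addresses are constructed.

```python
import re
from collections import Counter

# Message layout as quoted in the comment; the syslog prefix is ignored.
MISMATCH = re.compile(
    r"sshd\[\d+\]: userauth_hostbased mismatch: client sends (?P<claimed>\S+), "
    r"but we resolve (?P<addr>\S+) to (?P<resolved>\S+)"
)


def classify(line):
    """Return (addr, verdict) for a mismatch line, None for any other line."""
    m = MISMATCH.search(line)
    if m is None:
        return None
    addr = m["addr"].lower()
    resolved = m["resolved"].rstrip(".").lower()
    if resolved == addr:
        # sshd compared the claimed name against a bare address:
        # no reverse name was available (UseDNS off or lookup failed).
        return addr, "no-name"
    # A name came back but it is not the one the client claimed.
    return addr, "different-name"


def summarize(log_text):
    """Count mismatch lines per (client address, verdict)."""
    counts = Counter()
    for line in log_text.splitlines():
        result = classify(line)
        if result is not None:
            counts[result] += 1
    return counts


# Constructed sample lines (documentation address ranges, made-up hosts).
SAMPLE_LOG = """\
May 27 14:57:01 srv sshd[2540]: userauth_hostbased mismatch: client sends alpha.example.com., but we resolve 192.0.2.10 to 192.0.2.10
May 27 14:58:12 srv sshd[2541]: userauth_hostbased mismatch: client sends alpha.example.com., but we resolve 192.0.2.10 to 192.0.2.10
May 27 15:02:40 srv sshd[2550]: userauth_hostbased mismatch: client sends beta.example.com., but we resolve 198.51.100.7 to gamma.example.net
May 27 15:03:00 srv sshd[2551]: Connection closed by 192.0.2.11 port 51234
"""

if __name__ == "__main__":
    for (addr, verdict), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{addr:15} {verdict:15} {n}")
```

A run of "no-name" results across every hostbased client points at the server's name resolution setting, while an isolated "different-name" result points at that one client's DNS records or at a client claiming a name it does not hold.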
At 2021/08/20 9:23 BoBo wrote:
|
I have a problem when I change the ssh port. When I change the ssh port I need to run another ssh-keyscan scan to create a new ssh_known_hosts file. The new ssh_known_hosts file is different from the old one. In the old file everything is on one line:

    h,host,host.domain,IP key...

but in the new ssh_known_hosts file, which contains the port number, every alias is on a new line:

    [h]:portNumber key...
    [host]:portNumber key...

etc. In this case the above procedure fails when it reads ssh_known_host2 the second time (point 10). It can't find the fqdn hostname and hostbased authentication fails. Does this work only on the standard ssh port 22?
|
At 2021/08/20 15:41 wrote:
|
I haven't seen this. I do have some entries in my known_hosts in this format but none of them are hostbased so it hasn't caused any issue. I have one guess though: are you using a non-privileged port? Hostbased authentication may require the answering port to be below 1024.
|
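A way to check which of the two layouts from the port question above a given name actually appears in, added here as an example and not code from either commenter. It parses known_hosts-style text and reports whether a name is present in the plain form, the [host]:port form, or not at all; the function names, sample files, port 2222 and key text are constructed placeholders.

```python
# Added example (not from the commenters): parse known_hosts-style text.
def parse_known_hosts(text):
    """Yield (host, port, keytype) per name; port is None for the plain form."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if fields[0].startswith("@"):   # @cert-authority / @revoked marker
            fields = fields[1:]
        if len(fields) < 3:             # need names, key type, key
            continue
        for name in fields[0].split(","):
            if name.startswith("|"):    # hashed name, cannot be read back
                continue
            host, port = name, None
            if name.startswith("[") and "]:" in name:
                host, _, digits = name[1:].rpartition("]:")
                if not digits.isdigit():
                    continue            # malformed port, skip the name
                port = int(digits)
            yield host.lower(), port, fields[1]


def forms_for(text, wanted):
    """Sorted forms ('plain' or 'port N') in which the exact name appears.
    Wildcard patterns in the file are compared literally, not expanded."""
    found = set()
    for host, port, _keytype in parse_known_hosts(text):
        if host == wanted.lower():
            found.add("plain" if port is None else f"port {port}")
    return sorted(found)


# Constructed samples in the two layouts described in the comment above;
# names, address, port and key text are placeholders, not real values.
OLD_FILE = "h,host,host.example.com,192.0.2.10 ssh-ed25519 AAAAconstructed\n"
NEW_FILE = (
    "# scanned on a non-default port\n"
    "[h]:2222 ssh-ed25519 AAAAconstructed\n"
    "[host]:2222 ssh-ed25519 AAAAconstructed\n"
    "[host.example.com]:2222 ssh-ed25519 AAAAconstructed\n"
)

if __name__ == "__main__":
    for label, text in (("old", OLD_FILE), ("new", NEW_FILE)):
        print(label, forms_for(text, "host.example.com"))
```

Running it against the real file for the FQDN that fails shows at a glance whether the entry exists only in the bracketed port form.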
End Comments