
Thread: Problem with ssh

  1. #11
    Join Date
    Dec 2008
    Location
    Montana, USA
    Posts
    632

    Re: Problem with ssh

    Originally posted by rawar:
    > Is 10.118.118.91 your ISP router?
    Yes, it is.

    > I would guess that PDP-11 is resolved direct from 10.118.118.91 and VAX-11 is forwarded to the ISP upstream DNS servers.
    Looking at the results from dig, it would seem so. However, the hostname in the DHCP server on the router has the correct hostnames for all devices. It seems to have picked them up automagically when it assigned the IP address to each device and it connected.

    > And these servers return some rubbish for unknown DNS requests instead of NXDOMAIN.
    NXDOMAIN ???

    > Is it possible that the PDP-11 machine gets its IP from the 10.118.118.91 router via DHCP and the VAX-11 machine is using a static IP setup?
    No. All machines have reserved IP addresses set in the DHCP server on the router. But the check box in the Network Settings that says Set Hostname via DHCP says No and the Name Server Addresses are all blank.

    > If the router is adding DHCP clients to a local DNS resolver in the router this could maybe explain this strange behavior.
    Then, I should set up a DNS in my server and add its address to each of the machines in my network?

    Bart

  2. #12
    Join Date
    Dec 2008
    Location
    Montana, USA
    Posts
    632

    Re: Problem with ssh

    OK. NXDOMAIN. Got it!

    Bart

  3. #13
    Join Date
    Jun 2008
    Location
    San Diego, Ca, USA
    Posts
    13,285
    Blog Entries
    2

    Re: Problem with ssh

    The router 10.118.118.91 is also providing you DNS services.
    That address is a class A private network address unless it has a network mask with fewer bits than 255.0.0.0 (smaller than 255 in that first octet).
    I'm guessing that your VAX-11 server is either configured only facing the Internet (either naked or in a firewall DMZ). Your current DNS server has only the one record containing the public facing address of this machine although depending on your network architecture could have other addresses.
    As configured, your VAX-11 server can be accessed from both your LAN and the Internet.
    If this Server is either in a Firewall DMZ or in your LAN, you should investigate re-configuring access to be from within your LAN only and close connections made from the Internet.

    Your DNS has a private Class A network address (unless your subnet mask has less than 255 bits, i.e. a number smaller than 255 in the following default subnet mask 255.0.0.0) for your PDP-11 Server. Using this address, this server can be accessed only within your LAN, and not from the Internet.

    From what you've posted, although you didn't say, I assume you are connecting to these two machines from a machine in your LAN.

    I assume also that the above tests were run on a machine that can connect to your VAX-11, since both resolve.
    You should run the same dig tests on your problem machine to see if it returns a different result or no result.


    TSU

  4. #14
    Join Date
    Dec 2008
    Location
    Montana, USA
    Posts
    632

    Re: Problem with ssh

    I'm using a net mask of 255.255.255.0. That should put it in the area of non-routable, no?

    And, yes, I am addressing these machines from inside my network, using a computer at 10.118.118.5. I don't want any to be facing the public internet. When I go to GRC's site, it reports that no ports are open.

    All of the network settings I can find within yast are the same for all computers on this network (except for the IP address, of course!). All devices on this network are using reserved addresses in the DHCP server of my router. The host address has been set in each machine and is set to not be configurable by the DHCP server. The host addresses shown in my router are as they should be.

    > I'm guessing that your VAX-11 server is either configured only facing the Internet (either naked or in a firewall DMZ). Your current DNS server has only the one record containing the public facing address of this machine although depending on your network architecture could have other addresses.
    > As configured, your VAX-11 server can be accessed from both your LAN and the Internet.
    > If this Server is either in a Firewall DMZ or in your LAN, you should investigate re-configuring access to be from within your LAN only and close connections made from the Internet.
    How do I verify this?


    Bart

  5. #15
    Join Date
    Dec 2008
    Location
    Montana, USA
    Posts
    632

    Re: Problem with ssh SOLVED!

    Seems my computer was configured properly after all.
    I found a bug in my router. When I added the list of reserved addresses, I managed to fat finger the hostname of VAX-11. So, I changed it. No Problem. Except... the change didn't take place! The router insisted on using the original hostname.
    I figured it out when I used the cli command hostname and then the command dnsdomainname. They were different and the last command showed the improperly spelled hostname. When I tried to use ssh and the improper name, it worked.
    I have filed a support ticket with the router company and I think this problem will go away.

    BTW, I fixed it by actually removing the entry for VAX-11, rebooting the router and then re-entering it a lot more carefully this time.

    Thanks for all the help I have received with this mess.

    Bart
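
A check for the fault described in this thread, as an added example that is not part of the original posts: it compares each machine's own hostname with the PTR and A answers the router's DNS gives for its DHCP reservation. It assumes the router answers PTR queries for reserved leases; the host addresses, the `.lan` suffix and the misspelled name are constructed, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Audit the names a router's built-in DNS holds for DHCP reservations.
RESOLVER="10.118.118.91"   # router address from the thread

# Lower-case a name, drop dig's trailing dot and any domain suffix.
short_name() {
    local n
    n=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    n=${n%.}
    printf '%s' "${n%%.*}"
}

# verdict NAME IP PTR_ANSWER A_ANSWER -> one word describing the record state
verdict() {
    local name ip ptr fwd
    name=$(short_name "$1"); ip=$2; ptr=$(short_name "$3"); fwd=$4
    if [ -n "$ptr" ] && [ "$ptr" != "$name" ]; then
        echo "PTR_MISMATCH:$ptr"      # router knows this IP under another name
    elif [ -z "$fwd" ]; then
        echo "NO_A_RECORD"            # empty answer, e.g. a clean NXDOMAIN
    elif [ "$fwd" != "$ip" ]; then
        echo "FWD_MISMATCH:$fwd"      # e.g. an upstream resolver answered instead
    elif [ -z "$ptr" ]; then
        echo "NO_PTR"
    else
        echo "OK"
    fi
}

# Live mode: read "ip hostname" pairs on stdin and query the router with dig.
audit_live() {
    local ip name ptr fwd
    while read -r ip name; do
        ptr=$(dig +short -x "$ip" @"$RESOLVER" | head -n1)
        fwd=$(dig +short "$name" @"$RESOLVER" | head -n1)
        printf '%-15s %-8s %s\n' "$ip" "$name" "$(verdict "$name" "$ip" "$ptr" "$fwd")"
    done
}

# Offline demo on constructed answers (addresses and the typo are made up).
demo() {
    verdict PDP-11 10.118.118.10 "pdp-11.lan." 10.118.118.10
    verdict VAX-11 10.118.118.11 "vxa-11.lan." 203.0.113.7
}

if [ "${1:-}" = "--live" ]; then audit_live; else demo; fi
```

Run it with `--live` and feed one `ip hostname` pair per line on stdin to query the router itself; a `PTR_MISMATCH` row is a reservation whose stored name differs from what the machine calls itself.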
