Problem with ssh

I have 5 openSUSE computers on my home network. I use ssh to log into each of them to perform updates from my desktop. I can log into all but one of them using their host name as such:

bart@UNIVAC:~> ssh PDP-11 -lbart
Password: 
Last login: Sat Feb 27 13:16:17 2021 from 10.118.118.5
Have a lot of fun...
bart@PDP-11:~> 

However, one of the machines will not let me in this way. I can log in using the ip address:

bart@UNIVAC:~> ssh 10.118.118.8 -lbart
Password: 
Last login: Sat Feb 27 13:03:55 2021 from 10.118.118.5
Have a lot of fun...
bart@VAX-11:~> 

and, as you can see, it returns with the host name as the prompt. However, if I use the hostname:

bart@UNIVAC:~> ssh VAX-11 -lbart



I only get the cursor at the left of the screen. I have to Ctrl-C to get the prompt back.

What am I missing?

Bart

Is the name in your /etc/hosts?

Or how do you get your internal DNS?

@Saurland is saying that your name resolution isn’t mapping the machine name to the IP address on the client machine.
There are a number of ways this can be done on your network, most commonly by a /etc/hosts entry or by DNS.
What are you doing regarding the other machines you can connect successfully and why is this machine different?
Implement the same solution to fix this one machine.

Most likely connecting by IP address and returning the machine name as a response is because the remote machine did that mapping for you, and if you’re using a certificate for encryption, the certificate requires the connection by name.

TSU

This is strange.

My first guess would be that something in “.bashrc” isn’t working or is waiting for an additional line of input. But it is hard to guess what might be wrong.

Could you add the -v option to get some ssh debug messages?

> ssh -v VAX-11 -lbart

I understand. That’s the conclusion I came to.

There are a number of ways this can be done on your network, most commonly by a /etc/hosts entry or by DNS.

I would rather not maintain a hosts file on each machine. That means I need to set up a DNS server, correct? Should that be on my router?

What are you doing regarding the other machines you can connect successfully and why is this machine different?

When I decided to try using ssh, I went to each of the remote machines and made sure sshd was running. Then, I just opened konsole and used the ip address to connect and it worked. Some time later, I wondered if it would work using the host name, so I tried it and again, it just worked. I did get a certificate and accepted it each time, both for the ip address and again for the host name.

Implement the same solution to fix this one machine.

Using yast, I have gone through all the settings I can find and they are all the same on all machines.

Most likely connecting by IP address and returning the machine name as a response is because the remote machine did that mapping for you, and if you’re using a certificate for encryption, the certificate requires the connection by name.

TSU

I have checked the hosts file on all the machines on this network and none have anything in them except the information placed there by the installation. I have not configured a DNS on anything on my network. Everything points to my ISP’s DNS. As I understand from the posts here, I shouldn’t be able to log into any of the machines, yet I can.

Bart

bart@UNIVAC:~> ssh -v VAX-11 -lbart
OpenSSH_8.1p1, OpenSSL 1.1.1d  10 Sep 2019
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 20: Applying options for *
debug1: Connecting to VAX-11 [198.105.244.23] port 22.
^C
bart@UNIVAC:~> 

Where on earth did 198.105.244.23 come from? That’s an address outside of my network. Could my ISP’s DNS be returning that address? Maybe my “cutsie” little naming system for devices isn’t so great after all! I guess this is a good example of why one should set up a DNS on their network.

Should it go on my router, or on the server? I only need to list the devices on my network?

Bart

Well, the 198.105.244.23 is an internet IP registered for Akamai according to whois.
Could you post

dig VAX-11

and

dig PDP-11

bart@UNIVAC:~> dig VAX-11

; <<>> DiG 9.16.6 <<>> VAX-11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30747
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;VAX-11.                                IN      A

;; ANSWER SECTION:
VAX-11.                 10      IN      A       198.105.244.23
VAX-11.                 10      IN      A       198.105.254.23

;; Query time: 232 msec
;; SERVER: 10.118.118.91#53(10.118.118.91)
;; WHEN: Wed Mar 03 11:06:22 MST 2021
;; MSG SIZE  rcvd: 56



and

bart@UNIVAC:~> dig PDP-11

; <<>> DiG 9.16.6 <<>> PDP-11
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23663
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;PDP-11.                                IN      A

;; ANSWER SECTION:
PDP-11.                 0       IN      A       10.118.118.11

;; Query time: 4 msec
;; SERVER: 10.118.118.91#53(10.118.118.91)
;; WHEN: Wed Mar 03 11:07:38 MST 2021
;; MSG SIZE  rcvd: 51


I’ll bet Akamai is quite happy with me.

Bart

Is 10.118.118.91 your ISP router? I would guess that PDP-11 is resolved directly from 10.118.118.91 and VAX-11 is forwarded to the ISP upstream DNS servers.
And these servers return some rubbish for unknown DNS requests instead of NXDOMAIN.
Is it possible that the PDP-11 machine gets its IP from the 10.118.118.91 router via DHCP and the VAX-11 machine is using a static IP setup?
If the router is adding DHCP clients to a local DNS resolver in the router, this could maybe explain this strange behavior.

Yes, it is.

I would guess that PDP-11 is resolved direct from 10.118.118.91 and VAX-11 is forwarded to the ISP upstream DNS servers.

Looking at the results from dig, it would seem so. However, the hostname in the DHCP server on the router has the correct hostnames for all devices. It seems to have picked them up automagically when it assigned the ip address to each device and it connected.

And these servers return some rubbish for unknown DNS requests instead of NXDOMAIN.

NXDOMAIN ???

Is it possible that the PDP-11 machine gets its IP from the 10.118.118.91 router via DHCP and the VAX-11 machine is using a static IP setup ?

No. All machines have reserved ip addresses set in the DHCP server on the router. But the check box in the Network Settings that says Set Hostname via DHCP says No and the Name Server Addresses are all blank.

If the router is adding DHCP clients to a local DNS resolver in the router this could maybe explain this strange behavior.

Then, I should set up a DNS in my server and add its address to each of the machines in my network?

Bart

OK. NXDOMAIN. Got it!

Bart

The router 10.118.118.91 is also providing you DNS services.
That address is a class A private network address unless it has a network mask with fewer bits than 255.0.0.0 (smaller than 255 in that first octet).
I’m guessing that your VAX-11 server is either configured only facing the Internet (either naked or in a firewall DMZ). Your current DNS server has only the one record containing the public facing address of this machine although depending on your network architecture could have other addresses.
As configured, your VAX-11 server can be accessed from both your LAN and the Internet.
If this Server is either in a Firewall DMZ or in your LAN, you should investigate re-configuring access to be from within your LAN only and close connections made from the Internet.

Your DNS has a private Class A network address (unless your subnet mask has less than 255 bits, i.e. a number smaller than 255 in the following default subnet mask 255.0.0.0) for your PDP-11 Server. Using this address, this server can be accessed only within your LAN, and not from the Internet.

From what you’ve posted, although you didn’t say, I assume you are connecting to these two machines from a machine in your LAN.

I assume also that the above tests were run on a machine that can connect to your VAX-11 since both resolve.
You should run the same dig tests on your problem machine to see if it returns a different result or no result.

TSU

I’m using a net mask of 255.255.255.0. That should put it in the area of non-routable, no?

And, yes, I am addressing these machines from inside my network, using a computer at 10.118.118.5. I don’t want any to be facing the public internet. When I go to GRC’s site, it reports that no ports are open.

All of the network settings I can find within yast are the same for all computers on this network (except for the ip address of course!). All devices on this network are using reserved addresses in the DHCP server of my router. The host address has been set in each machine and is set to not be configurable by the DHCP server. The host addresses shown in my router are as they should be.

I’m guessing that your VAX-11 server is either configured only facing the Internet (either naked or in a firewall DMZ). Your current DNS server has only the one record containing the public facing address of this machine although depending on your network architecture could have other addresses.
As configured, your VAX-11 server can be accessed from both your LAN and the Internet.
If this Server is either in a Firewall DMZ or in your LAN, you should investigate re-configuring access to be from within your LAN only and close connections made from the Internet.

How do I verify this?

Bart

Seems my computer was configured properly after all.
I found a bug in my router. When I added the list of reserved addresses, I managed to fat finger the hostname of VAX-11. So, I changed it. No Problem. Except… the change didn’t take place! The router insisted on using the original hostname.
I figured it out when I used the cli command hostname and then the command dnsdomainname. They were different and the last command showed the improperly spelled hostname. When I tried to use ssh and the improper name, it worked.
I have filed a support ticket with the router company and I think this problem will go away.

BTW, I fixed it by actually removing the entry for VAX-11, rebooting the router and then re-entering it a lot more carefully this time.

Thanks for all the help I have received with this mess.

Bart
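
The comparison of the two dig outputs made in this thread, written as a check; this is an added example, not code from any poster. It parses dig's default output and flags a LAN hostname whose answer lies outside the local subnet or lacks the `aa` flag, which is how an upstream resolver's substitute for NXDOMAIN shows up. The function names and the 10.118.118.0/24 subnet are assumptions, the latter taken from the addresses and netmask posted above.

```python
import ipaddress
import re

# Trimmed from the two dig outputs posted in the thread above.
DIG_VAX = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30747
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
VAX-11.                 10      IN      A       198.105.244.23
VAX-11.                 10      IN      A       198.105.254.23

;; SERVER: 10.118.118.91#53(10.118.118.91)
"""
DIG_PDP = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23663
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; ANSWER SECTION:
PDP-11.                 0       IN      A       10.118.118.11

;; SERVER: 10.118.118.91#53(10.118.118.91)
"""
# Assumption: the LAN is 10.118.118.0/24 (addresses and mask from the thread).
LAN = ipaddress.ip_network("10.118.118.0/24")

def parse_dig(text):
    """Return (status, header flags, A-record addresses) from dig output."""
    status = re.search(r"status: (\w+)", text).group(1)
    flags = re.search(r"flags: ([a-z ]*);", text).group(1).split()
    addrs, in_answer = [], False
    for line in text.splitlines():
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
        elif in_answer and not line.strip():
            break  # a blank line ends the answer section
        elif in_answer:
            fields = line.split()
            if len(fields) == 5 and fields[3] == "A":
                addrs.append(ipaddress.ip_address(fields[4]))
    return status, flags, addrs

def check_lan_name(text, lan=LAN):
    """List reasons a LAN hostname's answer looks wrong; empty means fine."""
    status, flags, addrs = parse_dig(text)
    problems = []
    if status != "NOERROR" or not addrs:
        problems.append("no address returned (" + status + ")")
    outside = [str(a) for a in addrs if a not in lan]
    if outside:
        problems.append("resolves outside LAN: " + ", ".join(outside))
    if addrs and "aa" not in flags:
        problems.append("answer not authoritative (forwarded upstream)")
    return problems
```

Run before the first ssh to a new hostname, a non-empty result means the password prompt would be going to whatever machine sits at the returned address.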