SSH trouble between linux and mac on same LAN

I’m trying to ssh from my mac to my pc running opensuse and vice versa. I’ve checked my firewall settings on both machines to make sure that ssh is allowed.

When I try to ssh from my mac, it works sometimes, but the rest of the time I get the message: “Could not resolve hostname … nodename nor servname provided, or not known.” It works when the opensuse pc has just booted and is at the login screen, when I turn the firewall off, a little while after I turn the firewall back on, and after I change my domain name in yast network settings. ‘Secure Shell Server’ is listed under allowed services in my firewall settings, so I really can’t see why the firewall should be the problem.

I can’t ssh onto my mac at all. I can access it from any other mac on the network with “ssh stew@hostname.local”. I was recently running ubuntu and was able to ssh onto my mac out of the box, so I know this shouldn’t be too difficult to set up.


Post the IP information from both machines. On Linux these commands are best:

ip addr
ip route
grep -v '^#' /etc/resolv.conf
sudo /usr/sbin/iptables-save

Good luck.

On 06/19/2011 05:06 AM, stewSquared wrote:
>
> I’m trying to ssh from my mac to my pc running opensuse and vice versa.
> I’ve checked my firewall settings on both machines to make sure that ssh
> is allowed.
>
> When I try to ssh from my mac, it works sometimes, but the rest of the
> time I get the message: “Could not resolve hostname … nodename nor
> servname provided, or not known.” It works when the opensuse pc has just
> booted and is at the login screen, when I turn the firewall off, a
> little while after I turn the firewall back on, and after I change my
> domain name in yast network settings. ‘Secure Shell Server’ is listed
> under allowed services in my firewall settings, so I really can’t see
> why the firewall should be the problem.
>
> I can’t ssh onto my mac at all. I can access it from any other mac on
> the network with “ssh stew@hostname.local”. I was recently running
> ubuntu and was able to ssh onto my mac out of the box, so I know this
> shouldn’t be too difficult to set up.
>
>

I think I’ve figured it out, but I need to make sure my firewall is still secure.

With the firewall on, I was only able to ssh using a machine’s ip address, but I was at least able to do it both ways.
With the firewall turned off, I was able to ssh both ways using user@hostname.local, so I figured something must be screwed up with my firewall.

In YaST firewall settings, under Interface, I have eth0 configured in internal zone.
Under Allowed Services, Secure Shell Server is allowed for External and demilitarized zone, and ‘Protect Firewall from internal Zone’ is unchecked. Are these settings safe?

@ab I’m sorry I didn’t end up posting the information you asked for, but thanks for offering the help anyway!


Just to be clear, you should never use ‘local’ as your DNS domain since it
is “special” per other RFCs. If you are using local your system will try
to use mDNS (not the same as DNS) and that can cause issues since in most
cases that is not what you intend.

Good luck.

On 06/19/2011 01:36 PM, stewSquared wrote:
>
> I think I’ve figured it out, but I need to make sure my firewall is
> still secure.
>
> With the firewall on, I was only able to ssh using a machine’s ip
> address, but I was at least able to do it both ways.
> With the firewall turned off, I was able to ssh both ways using
> user@hostname.local, so I figured something must be screwed up with my
> firewall.
>
> In YaST firewall settings, under Interface, I have eth0 configured in
> internal zone.
> Under Allowed Services, Secure Shell Server is allowed for External and
> demilitarized zone, and ‘Protect Firewall from internal Zone’ is
> unchecked. Are these settings safe?
>
> @ab I’m sorry I didn’t end up posting the information you asked for,
> but thanks for offering the help anyway!
>
>

Thanks, though I didn’t use ‘local’ – I just left it blank. Apple uses local to specify the local area network, so I use .local whenever I’m ssh-ing to or from a mac. It seems like just using the host name, with no domain, works otherwise.

Use a properly configured DNS in your LAN or put all your computers’ IPs, full names and aliases in the file /etc/hosts on each computer (Linux and Mac OSX). See man hosts. You should set up your LAN yourself (in case you didn’t), not let a router do it for you.
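
The symptom in this thread (ssh by IP address works with the firewall on, but `.local` names only resolve with it off) can be checked against the `iptables-save` output requested earlier. The script below is an added example, not code from any poster: it prints the first terminating INPUT verdict for a new inbound packet, so SSH (tcp/22) can be compared with mDNS, which uses UDP port 5353 (the port is not named in the thread). The ruleset and the `verdict` function are constructed for illustration; the function reads only the built-in INPUT chain, does not follow jumps into user-defined chains, and ignores negated (`!`) matches.

```shell
#!/bin/sh
# Constructed sample in iptables-save format (not taken from the thread).
SAMPLE_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOG --log-prefix "IN-DROP "
COMMIT'

# verdict IFACE PROTO DPORT: read iptables-save text on stdin and print the
# first terminating INPUT verdict for a NEW inbound packet (first match wins).
verdict() {
  awk -v iface="$1" -v proto="$2" -v port="$3" '
    $1 == "*filter" { in_filter = 1; next }
    $1 == "COMMIT"  { in_filter = 0; next }
    in_filter && $1 == ":INPUT" { policy = $2; next }
    in_filter && $1 == "-A" && $2 == "INPUT" && !done {
      match_ok = 1; target = ""
      for (i = 3; i < NF; i++) {
        v = $(i + 1)
        if ($i == "-i" && v != iface) match_ok = 0
        if ($i == "-p" && v != proto) match_ok = 0
        if ($i == "--dport" && v != port) match_ok = 0
        # Rules limited to existing connections do not admit a new one.
        if (($i == "--state" || $i == "--ctstate") && v !~ /(^|,)NEW(,|$)/) match_ok = 0
        if ($i == "-j") target = v
      }
      # LOG and jumps to other chains are non-terminating here: keep scanning.
      if (match_ok && target ~ /^(ACCEPT|DROP|REJECT)$/) { print target; done = 1 }
    }
    END { if (!done) print (policy == "" ? "UNKNOWN" : policy " (policy)") }
  '
}

# With the constructed ruleset, SSH is allowed but mDNS falls to the DROP policy.
echo "ssh  (tcp/22):   $(printf '%s\n' "$SAMPLE_RULES" | verdict eth0 tcp 22)"
echo "mDNS (udp/5353): $(printf '%s\n' "$SAMPLE_RULES" | verdict eth0 udp 5353)"
```

On a live system the same function can be fed real rules, for example `sudo /usr/sbin/iptables-save | verdict eth0 udp 5353`.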