  1. #1
    Just Joined!
    Join Date
    Jul 2011
    Posts
    3

    SSH from changed IP


    Hi,
    I run an SSH daemon on my Fedora 15 machine (server). When I generate a public/private key pair on my laptop (client) and put the public key into authorized_keys on the server, it works excellently. But when I change the IP address of the laptop (change WLAN), I have a problem connecting. I searched Google but I haven't found any information. I also tried the same from another laptop, with the same result.
    Thank you for your help.

  2. #2
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,382
    Well, can this new WLAN network reach the network of the server?
    The server needs to be either on a public IP, and/or in a routed environment.
    Also, there might be restrictions set up between that new WLAN network and the server network.
    You must always face the curtain with a bow.

  3. #3
    Just Joined!
    Join Date
    Jul 2011
    Posts
    3
    Thank you for the post.
    I think the connection between client and server is OK. It worked from the first WiFi. Then I changed the connection to the second WiFi and there was a problem. So I generated new keys and then it was OK again. When I reconnected to the first WiFi I had to use the old keys.
    I would like to know if there is any connection between SSH keys and the IP address of the client.
    Thanks for the help.

  4. #4
    Linux Newbie hans51's Avatar
    Join Date
    May 2011
    Posts
    136
    That is a weird problem that should have nothing to do at all with SSH keys.
    I work with ssh keys over WLAN / mobile broadband and LAN - changing IP/ISP every now and then (sometimes multiple times daily) without any problem at all.
    Of course, whenever you change your WLAN you have to re-establish a NEW ssh connection - wait until the old one has timed out - then connect again.
    There may be a timeout limit that is too long and blocks a new connection while an old one is still logged in, or a limit on the maximum number of simultaneous connections allowed (by creating a new key pair = you spend waiting TIME to allow timeout of old connections).
    The only IP-relevant access restriction you may have is if you are blocked either in iptables (/etc/iptables.conf) or in /etc/hosts.deny, which may expire after a pre-configured time, but that time usually is longer than just minutes - more in the range of hours or days.
    If the ISP (IP) would be blocked, then with any ssh key.
    Last edited by hans51; 07-06-2011 at 04:28 AM.

  5. #5
    Linux Enthusiast Mudgen's Avatar
    Join Date
    Feb 2007
    Location
    Virginia
    Posts
    664
    You don't have a "From=" clause in authorized_keys, do you? Assuming rsyslog is running, what does /var/log/secure say on the server when the connection fails?

    If rsyslog is not running, you can enable and start it with
    sudo systemctl enable rsyslog.service
    sudo systemctl start rsyslog.service

    It was not getting started by default when I upgraded this laptop from F14 to F15, and I had to do that to get logging again.
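
An added example, not part of any post in this thread: a small checker for the question raised in post #5, reporting for each entry of an authorized_keys file whether a from= option would admit a given client address. The sample file contents and addresses are constructed; matching covers only IP addresses (sshd also compares patterns against the client's hostname), and backslash-escaped quotes inside option values are not handled.

```python
import fnmatch
import ipaddress
import re

KEY_TYPE = re.compile(r"(ssh-|ecdsa-|sk-)")   # common key-type prefixes

def key_options(line):
    """Split the leading options field of an authorized_keys line into a dict."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return {}                              # starts with key type: no options
    opts, cur, quoted = [], "", False
    for ch in line:
        if ch == '"':
            quoted = not quoted                # quotes delimit values, drop them
        elif ch == "," and not quoted:
            opts.append(cur)
            cur = ""
        elif ch.isspace() and not quoted:
            break                              # end of the options field
        else:
            cur += ch
    opts.append(cur)
    # option keywords are case-insensitive, so From= and from= are the same
    return {n.lower(): v for n, _, v in (o.partition("=") for o in opts)}

def ip_allowed(pattern_list, ip):
    """Apply a from= pattern list: any negated match denies, else any match allows."""
    addr, allowed = ipaddress.ip_address(ip), False
    for pat in pattern_list.split(","):
        negate, pat = pat.startswith("!"), pat.lstrip("!")
        if "/" in pat:                         # CIDR form, e.g. 198.51.100.0/24
            hit = addr in ipaddress.ip_network(pat, strict=False)
        else:                                  # wildcard form with * and ?
            hit = fnmatch.fnmatchcase(ip, pat)
        if hit and negate:
            return False
        allowed = allowed or hit
    return allowed

def check(authorized_keys_text, client_ip):
    """Return [(line_no, from_value_or_None, allowed)] for every key line."""
    results = []
    for n, line in enumerate(authorized_keys_text.splitlines(), 1):
        line = line.strip()
        if line and not line.startswith("#"):
            restriction = key_options(line).get("from")
            ok = restriction is None or ip_allowed(restriction, client_ip)
            results.append((n, restriction, ok))
    return results

SAMPLE = '''# constructed sample, key material truncated
from="192.0.2.*" ssh-rsa AAAAB3... laptop@first-wifi
From="198.51.100.0/24,!198.51.100.13",no-pty ssh-rsa AAAAB3... laptop@second-wifi
ssh-rsa AAAAB3... unrestricted
'''
```

Calling `check(SAMPLE, "198.51.100.7")` shows the pattern from the thread: the first key is refused from the second network, while the key without a from= option is accepted from anywhere.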

  6. #6
    Just Joined!
    Join Date
    Jul 2011
    Posts
    3
    Thank you very much for the posts.
    I reinstalled my ssh server. Now it works OK.
    I think that I have problems when I don't log in on the login screen. I only press the start button, and when the login screen appears I try to connect via SSH. And this causes me difficulties. Can the problem be here? And what can I do about this, please?
    Here is my sshd_config:
    # $OpenBSD: sshd_config,v 1.81 2009/10/08 14:03:41 markus Exp $

    # This is the sshd server system-wide configuration file. See
    # sshd_config(5) for more information.

    # This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin

    # The strategy used for options in the default sshd_config shipped with
    # OpenSSH is to specify options with their default value where
    # possible, but leave them commented. Uncommented options change a
    # default value.

    #Port 22
    #AddressFamily any
    #ListenAddress 0.0.0.0
    #ListenAddress ::

    # The default requires explicit activation of protocol 1
    #Protocol 2

    # HostKey for protocol version 1
    #HostKey /etc/ssh/ssh_host_key
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    #HostKey /etc/ssh/ssh_host_dsa_key

    # Lifetime and size of ephemeral version 1 server key
    #KeyRegenerationInterval 1h
    #ServerKeyBits 1024

    # Logging
    # obsoletes QuietMode and FascistLogging
    #SyslogFacility AUTH
    SyslogFacility AUTHPRIV
    #LogLevel INFO

    # Authentication:

    #LoginGraceTime 2m
    PermitRootLogin yes
    #StrictModes yes
    #MaxAuthTries 6
    #MaxSessions 10

    #RSAAuthentication yes
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys
    #AuthorizedKeysCommand none
    #AuthorizedKeysCommandRunAs nobody

    # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
    #RhostsRSAAuthentication no
    # similar for protocol version 2
    #HostbasedAuthentication no
    # Change to yes if you don't trust ~/.ssh/known_hosts for
    # RhostsRSAAuthentication and HostbasedAuthentication
    #IgnoreUserKnownHosts no
    # Don't read the user's ~/.rhosts and ~/.shosts files
    #IgnoreRhosts yes

    # To disable tunneled clear text passwords, change to no here!
    #PasswordAuthentication yes
    #PermitEmptyPasswords no
    PasswordAuthentication no

    # Change to no to disable s/key passwords
    #ChallengeResponseAuthentication yes
    ChallengeResponseAuthentication no

    # Kerberos options
    #KerberosAuthentication no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    #KerberosGetAFSToken no
    #KerberosUseKuserok yes

    # GSSAPI options
    #GSSAPIAuthentication no
    GSSAPIAuthentication yes
    #GSSAPICleanupCredentials yes
    GSSAPICleanupCredentials yes
    #GSSAPIStrictAcceptorCheck yes
    #GSSAPIKeyExchange no

    # Set this to 'yes' to enable PAM authentication, account processing,
    # and session processing. If this is enabled, PAM authentication will
    # be allowed through the ChallengeResponseAuthentication and
    # PasswordAuthentication. Depending on your PAM configuration,
    # PAM authentication via ChallengeResponseAuthentication may bypass
    # the setting of "PermitRootLogin without-password".
    # If you just want the PAM account and session checks to run without
    # PAM authentication, then enable this but set PasswordAuthentication
    # and ChallengeResponseAuthentication to 'no'.
    #UsePAM no
    UsePAM yes

    # Accept locale-related environment variables
    AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
    AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
    AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
    AcceptEnv XMODIFIERS

    #AllowAgentForwarding yes
    #AllowTcpForwarding yes
    #GatewayPorts no
    #X11Forwarding no
    X11Forwarding yes
    #X11DisplayOffset 10
    #X11UseLocalhost yes
    #PrintMotd yes
    #PrintLastLog yes
    #TCPKeepAlive yes
    #UseLogin no
    #UsePrivilegeSeparation yes
    #PermitUserEnvironment no
    #Compression delayed
    #ClientAliveInterval 0
    #ClientAliveCountMax 3
    #ShowPatchLevel no
    #UseDNS yes
    #PidFile /var/run/sshd.pid
    #MaxStartups 10
    #PermitTunnel no
    #ChrootDirectory none

    # no default banner path
    #Banner none

    # override default of no subsystems
    Subsystem sftp /usr/libexec/openssh/sftp-server

    # Example of overriding settings on a per-user basis
    #Match User anoncvs
    # X11Forwarding no
    # AllowTcpForwarding no
    # ForceCommand cvs server
