tech-j
January 24th, 2017, 11:08 PM
I recently upgraded a machine from 12.04.5-LTS to 14.04, then to 16.04 to get it current.
Since then I have noticed that my scripts started failing.
So I started by checking the Auth Log and see this very ambiguous error:
server sshd[1356]: message repeated 2 times: [ userauth_hostbased mismatch: client sends another-server.domain.com, but we resolve 172.16.1.89 to 172.16.1.89]
server sshd[1418]: message repeated 2 times: [ userauth_hostbased mismatch: client sends alternate-server.domain.com, but we resolve 172.16.1.18 to 172.16.1.18]
So then I did a "last" to see if it was doing the RDNS, which it is not doing.
root pts/0 172.16.1.96 Tue Jan 24 16:41 still logged in
root pts/0 172.16.1.96 Tue Jan 24 16:28 - 16:41 (00:12)
But if I do a "last" on my 12.04.5-LTS Machine, it does show the server names instead of the IP's and it is not having the "Auth" Issues show above.
root pts/12 admin.domain.com Sun Jan 22 22:01 still logged in
root pts/12 admin.domain.com Sat Jan 21 13:59 - 15:02 (01:03)
If I run a "host" query from the command line, it properly resolves names to IP's and IP's back to names, no problem.
So I am trying to figure out how to get libc to do RDNS mapping again to prevent the Auth Failures based on DNS/IP Names when connecting via SSH.
What changed that this is not working now?
Has anyone else noticed this issue when upgrading?
Please advise.
Tech-J
Since then I have noticed that my scripts started failing.
So I started by checking the Auth Log and see this very ambiguous error:
server sshd[1356]: message repeated 2 times: [ userauth_hostbased mismatch: client sends another-server.domain.com, but we resolve 172.16.1.89 to 172.16.1.89]
server sshd[1418]: message repeated 2 times: [ userauth_hostbased mismatch: client sends alternate-server.domain.com, but we resolve 172.16.1.18 to 172.16.1.18]
So then I did a "last" to see if it was doing the RDNS, which it is not doing.
root pts/0 172.16.1.96 Tue Jan 24 16:41 still logged in
root pts/0 172.16.1.96 Tue Jan 24 16:28 - 16:41 (00:12)
But if I do a "last" on my 12.04.5-LTS Machine, it does show the server names instead of the IP's and it is not having the "Auth" Issues show above.
root pts/12 admin.domain.com Sun Jan 22 22:01 still logged in
root pts/12 admin.domain.com Sat Jan 21 13:59 - 15:02 (01:03)
If I run a "host" query from the command line, it properly resolves names to IP's and IP's back to names, no problem.
So I am trying to figure out how to get libc to do RDNS mapping again to prevent the Auth Failures based on DNS/IP Names when connecting via SSH.
What changed that this is not working now?
Has anyone else noticed this issue when upgrading?
Please advise.
Tech-J