All of a sudden 'ssh' and 'scp' won't connect to 3rd party server.
All of a sudden… like last night… my production server won't connect to my 3rd party backup server (rsync.net) via scp or even ssh.
This command should connect and give me a listing. But it dies:
anc1@xxxx:~$ ssh xxxxxx@fm1364.rsync.net ls
ssh: Could not resolve hostname xxxx@fm1364.rsync.net: Name or service not known
But, that command works with my non-production Linode server AND on my home iMac.
Also, I can ping from my linode to the 3rd party fine:
anc1@xxx:~$ ping -c5 fm1364.rsync.net
PING fm1364.rsync.net(fm4.rsync.net (2001:470:1:9a6::17)) 56 data bytes
64 bytes from fm4.rsync.net (2001:470:1:9a6::17): icmp_seq=1 ttl=59 time=4.46 ms
Help!! Any ideas?
4 Replies
ssh xxxxxx@fm1364.rsync.net ls
This is incorrect. The correct command is
ssh fm1364.rsync.net -l xxxxxx ls
According to man ssh:
-l login_name
Specifies the user to log in as on the remote machine. This also may be specified on a per-host basis in the configuration file.
But, that command works with my non-production Linode server AND on my home iMac.
I can't account for this…perchance do you have public keys for these two machines installed on fm1364.rsync.net? This would render the necessity of -l xxxxxx moot.
-- sw
A change was made to the 3rd party server such that it requires a change to the ~/.ssh/config file. We'll see if it works on tonight's cron jobs. I'll report back in the morning.
I had something similar happen after I upgraded to macOS Ventura (13.x). Apparently Apple has decided that the RSA cipher is on the verge of being cracked and decided to disallow RSA/DSS ciphers/keys. Of course, they didn't tell anyone about this…
RSA has not been cracked.
I had to re-enable them…while I transitioned to ED25519 keys/cipher. All is copacetic now…but it was sure disconcerting at the time.
-- sw
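The reply above describes re-enabling RSA/DSS while moving to ED25519 keys. As an added example (not code from this thread), the Python check below reads ssh_config text and reports where the legacy algorithms ssh-rsa and ssh-dss are re-enabled, and whether that is scoped to one host or applied to every host. The sample config, the host name legacy.example.net and the function name audit are constructed for illustration.

```python
import re

# Signature algorithms that current OpenSSH releases no longer offer by default.
LEGACY = {"ssh-rsa", "ssh-dss"}
# ssh_config keywords that take an algorithm list (PubkeyAcceptedKeyTypes is the older name).
ALGO_KEYWORDS = {"hostkeyalgorithms", "pubkeyacceptedalgorithms", "pubkeyacceptedkeytypes"}

# Constructed sample; legacy.example.net is a placeholder host.
SAMPLE_CONFIG = """\
Host legacy.example.net
    User backup
    HostKeyAlgorithms +ssh-rsa
    PubkeyAcceptedAlgorithms +ssh-rsa
    IdentityFile ~/.ssh/id_ed25519

Host *
    PubkeyAcceptedKeyTypes=+ssh-rsa,ssh-dss
    HostKeyAlgorithms -ssh-rsa
"""

def audit(config_text):
    """Return (line_no, scope, keyword, legacy_algos, is_global) for each re-enable."""
    findings = []
    scope = "*"  # options before the first Host/Match line apply to every host
    for line_no, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Keyword and value are separated by whitespace or '='.
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        keyword, value = parts[0].lower(), parts[1].strip()
        if keyword in ("host", "match"):
            scope = value
            continue
        if keyword not in ALGO_KEYWORDS or value.startswith("-"):
            continue  # a leading '-' removes algorithms, which is not a re-enable
        algos = {a.strip() for a in value.lstrip("+^").split(",")}
        hits = sorted(algos & LEGACY)
        if hits:
            is_global = scope == "*" or "*" in scope.split()
            findings.append((line_no, scope, keyword, hits, is_global))
    return findings

if __name__ == "__main__":
    for line_no, scope, keyword, hits, is_global in audit(SAMPLE_CONFIG):
        where = "ALL hosts" if is_global else f"host {scope}"
        print(f"line {line_no}: {keyword} re-enables {','.join(hits)} for {where}")
```

A finding with is_global set means the legacy algorithm is accepted for every server the client talks to, not only the one that still needs it during the key transition.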
Yes, the change I made to the SSH config file worked fine.
BTW, the Linode tech I spoke with spent quite a bit of time helping us determine that it was not a Linode issue but, in their words, "Out of scope."
But, the tech was mystified as to why I was given an IP address starting with 192 when I spun up the server 3 years ago. He said that is a "private" IP so he gave me a new public IP starting with 74. (It is on the Uceprotectl3 black list but there is nothing I can do about it. I wish Linode would do something about these scammers.)
Of course I had to change ALL my "A" DNS records at the registry (for the 15 domains I have) as well as a few scripts that use the IP. That chore only took about 15 minutes at the registry (pairdomains.com) and the propagation was quick.
So "all's well that ends well." - William Shakespeare, circa 1623