SSH with multiple hostnames

Hi

I've got sshd working on my Ubuntu server, but it does not work for all of my domains.

It works for the IP address, as well as other.com, and www.main.com, but not main.com - they're all running off the same IP.

For main.com it tells me my password is incorrect. If you ping main.com it is pinging the same IP as all the other domains are on and is seen in my /etc/hosts.

In my /etc/hosts they are all defined and point to the same hostname that is found in /etc/hostname.

I set it all up yesterday. Is there something I need to do to refresh the caches on my client or on the server?

How should I be setting the server up for multiple hosts over ssh?

Thanks

Tim

17 Replies

Ok, the problem is sorted. It turns out that even though ping was showing the Linode IP, my DNS records weren't all pointing to the Linode IP, very strange.

Getting sshd working on Ubuntu is about as complex as executing "sudo apt-get install openssh-server", and everything just works. I thought that it was already installed by default on Linodes, though.

@ngtech:

Ok, the problem is sorted. It turns out that even though ping was showing the Linode IP, my DNS records weren't all pointing to the Linode IP, very strange.

Check your forward and reverse DNS match.

Look up your hostname and you should get your IP.

Look up your IP and you should get your hostname.

A semi-related tip, since I see this a lot:

You don't need to use ping to resolve a hostname or IP address. Use a DNS tool like host or dig. Ping performs a DNS lookup, but then proceeds to send packets at the target. This is entirely unrelated to resolving the target's hostname.

$ host newark3.linode.com
newark3.linode.com has address 207.192.68.8
$
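Added example, not part of any post in this thread: a script for the two checks suggested above (forward and reverse DNS agree, and names are resolved with `host` rather than `ping`). It compares what DNS returns for each name with the address you expect, and separately asks the system resolver, which normally consults /etc/hosts first. The function names and the OK/MASKED/MISMATCH/NO-PTR/UNCONFIRMED labels are invented for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Requires getent, host, grep and awk.

# Address the system resolver returns; this path consults /etc/hosts, as ping does.
lookup_local() { getent ahostsv4 "$1" | awk 'NR==1 {print $1}'; }

# A records taken from DNS only, one per line.
lookup_dns() { host -t A "$1" 2>/dev/null | awk '/ has address / {print $NF}'; }

# PTR target for an address, trailing dot stripped.
lookup_ptr() {
    host "$1" 2>/dev/null |
        awk '/ domain name pointer / {sub(/\.$/, "", $NF); print $NF; exit}'
}

# contains LIST ITEM: true if ITEM is exactly one of the lines in LIST.
contains() { printf '%s\n' "$1" | grep -qxF -- "$2"; }

# check_name EXPECTED_IP NAME: print a verdict for one name.
check_name() {
    dns=$(lookup_dns "$2")
    if contains "$dns" "$1"; then
        echo "OK $2"
    elif [ "$(lookup_local "$2")" = "$1" ]; then
        # This machine resolves the name as expected, DNS does not:
        # clients elsewhere are sent to a different address.
        echo "MASKED $2 dns=$(echo $dns)"
    else
        echo "MISMATCH $2 dns=$(echo $dns)"
    fi
}

# check_reverse IP: the PTR must exist and resolve forward to the same IP.
check_reverse() {
    ptr=$(lookup_ptr "$1")
    if [ -z "$ptr" ]; then
        echo "NO-PTR $1"
    elif contains "$(lookup_dns "$ptr")" "$1"; then
        echo "OK $1 ptr=$ptr"
    else
        echo "UNCONFIRMED $1 ptr=$ptr"
    fi
}

# Usage: sh dnscheck.sh EXPECTED_IP NAME [NAME...]
if [ "$#" -ge 2 ]; then
    ip=$1; shift
    check_reverse "$ip"
    for n in "$@"; do check_name "$ip" "$n"; done
fi
```

With many names on one address, only one of them can normally be the PTR target, so the reverse check is run once per IP rather than once per name.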

@ngtech:

and www.main.com, but not main.com - they're all running off the same IP.

This is a massive misuse of the domain name system. If there are subdomains beneath a certain higher-level domain, then the higher-level domain should not have an address associated with it.

I'm confused why you would need such a setup.

If all domain and subdomains resolve to the same IP, what difference does it make?

It's not like the ssh daemon cares how you got there.

@kmweber:

@ngtech:

and www.main.com, but not main.com - they're all running off the same IP.

This is a massive misuse of the domain name system. If there are subdomains beneath a certain higher-level domain, then the higher-level domain should not have an address associated with it.

According to who?

$ host -t A icann.org
icann.org has address 192.0.32.7
$ host -t A www.icann.org
www.icann.org has address 192.0.32.7
$ host -t A linode.com
linode.com has address 67.18.186.61
$ host -t A www.linode.com
www.linode.com has address 67.18.186.61

@kmweber:

@ngtech:

and www.main.com, but not main.com - they're all running off the same IP.

This is a massive misuse of the domain name system. If there are subdomains beneath a certain higher-level domain, then the higher-level domain should not have an address associated with it.

It's perfectly valid to have one IP for a domain and another for a subdomain.

Also, http://no-www.org :P

@sednet:

@kmweber:

@ngtech:

and www.main.com, but not main.com - they're all running off the same IP.

This is a massive misuse of the domain name system. If there are subdomains beneath a certain higher-level domain, then the higher-level domain should not have an address associated with it.

It's perfectly valid to have one IP for a domain and another for a subdomain.

It's "valid" in the sense that "it'll probably work," but not in the sense that "it fits in with the conceptual, hierarchical view of the domain name system."

@kmweber:

It's "valid" in the sense that "it'll probably work," but not in the sense that "it fits in with the conceptual, hierarchical view of the domain name system."

Seriously? Just stop. You're making yourself look like a fool. Using the same IP for both a domain and a subdomain is not a "massive misuse" of DNS, nor will it "probably work", it does work, just fine. In fact, it works just fine to have hundreds of domains and hundreds more subdomains pointing to the same IP.

@glg:

@kmweber:

It's "valid" in the sense that "it'll probably work," but not in the sense that "it fits in with the conceptual, hierarchical view of the domain name system."

Seriously? Just stop. You're making yourself look like a fool. Using the same IP for both a domain and a subdomain is not a "massive misuse" of DNS, nor will it "probably work", it does work, just fine. In fact, it works just fine to have hundreds of domains and hundreds more subdomains pointing to the same IP.

Please respond to what I actually said, and not what you might like to pretend I said. I never denied that what you describe would "work" in a technical sense. What I am saying is that having a subdomain and its parent domain resolve to an address at all, regardless of whether or not they're the same, is not valid regardless of whether or not it works, because it's inconsistent with the conceptual framework of the domain name system, period.

@kmweber:

Please respond to what I actually said, and not what you might like to pretend I said. I never denied that what you describe would "work" in a technical sense. What I am saying is that having a subdomain and its parent domain resolve to an address at all, regardless of whether or not they're the same, is not valid regardless of whether or not it works, because it's inconsistent with the conceptual framework of the domain name system, period.

I'm not sure exactly what the problem is that you have with that. I am sure that you're the first and only person I've ever seen who has this issue. Perhaps the problem is you and not the way people use DNS?

@Xan:

I'm not sure exactly what the problem is that you have with that. I am sure that you're the first and only person I've ever seen who has this issue. Perhaps the problem is you and not the way people use DNS?

I wouldn't be surprised if he was also against cross-domain CNAME records as well!

@kmweber:

@glg:

@kmweber:

It's "valid" in the sense that "it'll probably work," but not in the sense that "it fits in with the conceptual, hierarchical view of the domain name system."

Seriously? Just stop. You're making yourself look like a fool. Using the same IP for both a domain and a subdomain is not a "massive misuse" of DNS, nor will it "probably work", it does work, just fine. In fact, it works just fine to have hundreds of domains and hundreds more subdomains pointing to the same IP.

Please respond to what I actually said, and not what you might like to pretend I said. I never denied that what you describe would "work" in a technical sense. What I am saying is that having a subdomain and its parent domain resolve to an address at all, regardless of whether or not they're the same, is not valid regardless of whether or not it works, because it's inconsistent with the conceptual framework of the domain name system, period.

I sense that you might be thinking of the restriction on certain types of RRs, which do not allow them to be at the same level; an example is a zone with an SOA record which also has a CNAME for @. That will work in today's DNS (and many companies take advantage of it), but is technically a violation of RFC1912 (see §2.4). I can't think of any standards recommendation for what you are describing here.

The hierarchical nature of the DNS that you refer to really means zone delegation, and not names within that zone. Although this may have been a guiding principle at some point in the past – the DNS existed before I became interested in IT – it is not today as implemented. I can probably find hundreds of zones which have an A for @ and subdomains within them.

I won't argue with you and tell you that you're wrong, just that everybody doing so is likely taken aback by what can be considered an odd belief. The Web would be broken indeed if the DNS did not allow folks to type "google.com" instead of "www.google.com".

I think the argument isn't about the real world at all, it's about the Platonic ideal. He's conceded that this is done in the real world.

It sounds a lot like the tilting at windmills that I do against HTML emails, for example. It works in the "real world", and people expect it, but it just ain't right dammit.

However, I still don't see that argument here. How exactly does this practice break the hierarchy of DNS? Why can't an element (casting things into XML terms) have both child elements AND its own attributes?

I realize that's not how DNS actually works, nor is it particularly good XML, but I don't see how it presents a hierarchical problem.

@kmweber:

What I am saying is that having a subdomain and its parent domain resolve to an address at all, regardless of whether or not they're the same, is not valid regardless of whether or not it works, because it's inconsistent with the conceptual framework of the domain name system, period.

Uh-huh. :roll: Whatever you say, bucko. As someone else stated, things should just fail if a user types linode.com instead of www.linode.com. Keep digging.
