I hate people who use /etc/hosts to force feed DNS resolving.
I do. I think it is a sloppy solution for production servers, something that saves your ass in a minute but that you forget about until you have to debug a problem and waste a lot of time until you realize that someone might have hard-coded the hostname in the damn file.
Yesterday I found yet another reason to hate it even more. I was setting up an Rsnapshot backup over SSH with public key authentication when I hit a wall with this error message:
Authentication tried for root with correct key but not from a permitted host (host=hostXX, ip=::ffff:xxx.xxx.xxx.xxx).
It turns out that there was an entry in the /etc/hosts file that defined the host I was trying to connect from... I tested this:
from="FQDN,xxx.xxx.xxx.xxx",command="check_rsync.script.sh" ssh-rsa the.key.goes.here...
But it did not work; I had to put it exactly as it was called in the /etc/hosts entry:
from="hostXX,xxx.xxx.xxx.xxx",command="check_rsync.script.sh" ssh-rsa the.key.goes.here...
After that, it worked A-OK.
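The mismatch above can be reproduced offline with the following added example, which is not part of the original post: it models how a reverse lookup through /etc/hosts yields the first name on the line, and how a from= pattern list is then evaluated against the host= and ip= values from the log line. The address 192.0.2.10, the names, and both helper functions are constructed for illustration; the matcher is a simplified model (wildcards and negation only, no CIDR) and assumes sshd compares the patterns against the strings exactly as logged.

```python
import re

# Constructed sample /etc/hosts content; address and names are placeholders.
HOSTS = """\
127.0.0.1   localhost
192.0.2.10  hostxx backup.example.com   # short name listed first
"""

def canonical_name(hosts_text, ip):
    """Name a reverse lookup via the hosts file returns: the first name on the line."""
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == ip:
            return fields[1].lower()
    return None  # not in the hosts file; a real resolver would ask DNS next

def _match_list(value, patterns):
    """Return 1 on a positive match, -1 if a negated pattern matches, else 0."""
    result = 0
    for pat in patterns.lower().split(","):
        negated = pat.startswith("!")
        body = pat[1:] if negated else pat
        # Translate the two supported wildcards: '*' (any run) and '?' (one char).
        rx = re.escape(body).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(rx, value.lower()):
            if negated:
                return -1  # an explicit "!pattern" hit always denies
            result = 1
    return result

def from_allows(patterns, host, ip):
    """Allow when host or ip matches a pattern and neither hits a negated one."""
    m_ip, m_host = _match_list(ip, patterns), _match_list(host, patterns)
    if m_ip == -1 or m_host == -1:
        return False
    return bool(m_ip or m_host)

if __name__ == "__main__":
    host = canonical_name(HOSTS, "192.0.2.10")   # what the server calls the client
    logged_ip = "::ffff:192.0.2.10"              # IPv4-mapped form, as in the log
    for rule in ("backup.example.com,192.0.2.10", "hostxx,192.0.2.10"):
        print(rule, "->", "allowed" if from_allows(rule, host, logged_ip) else "denied")
```

On the server itself, `getent hosts <client-ip>` shows the name the resolver actually returns for the connecting address, which is the name the from= list has to contain.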
Labels: Backups, CentOS 5, IT slaves, Linux, Security