Thursday, March 24, 2011

Another reason, just another one...

I hate people who use /etc/hosts to force-feed DNS resolving.
I do. I think it is a sloppy solution for production servers: something that saves your ass in a minute but that you forget about until you have to debug a problem and waste a lot of time until you realize that someone might have hard-coded the hostname in the damn file.

Yesterday I found yet another reason to hate that even more. I was setting up an Rsnapshot backup over SSH with public key authentication when I hit a wall with this error message:

Authentication tried for root with correct key but not from a permitted host (host=hostXX, ip=::ffff:xxx.xxx.xxx.xxx).

It turns out that there was an entry in the /etc/hosts file that defined the host I was trying to connect from... I tested this:

from="FQDN,xxx.xxx.xxx.xxx",command="check_rsync.script.sh" ssh-rsa the.key.goes.here...

But it did not work; I had to put it exactly as it was named in the /etc/hosts entry:

from="hostXX,xxx.xxx.xxx.xxx",command="check_rsync.script.sh" ssh-rsa the.key.goes.here...

After that, it worked A-OK.
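The mismatch above can be checked offline by comparing the host= and ip= values from the sshd log line against the from= pattern list of the key. This is an added example, not part of the original post: it is a simplified string-matching model of the from= check (wildcards and ! negation only, no CIDR), and the host name, FQDN and address are constructed samples.

```python
import re
from fnmatch import fnmatchcase

# Constructed samples modelled on the post (name and address are made up).
LOG = ("Authentication tried for root with correct key but not from a "
       "permitted host (host=host07, ip=::ffff:192.0.2.10).")
KEY_FQDN = ('from="host07.example.com,192.0.2.10",'
            'command="check_rsync.script.sh" ssh-rsa the.key.goes.here...')
KEY_SHORT = ('from="host07,192.0.2.10",'
             'command="check_rsync.script.sh" ssh-rsa the.key.goes.here...')


def seen_by_sshd(log_line):
    """Return (host, ip) exactly as sshd reported them in the log line."""
    m = re.search(r"\(host=([^,]+), ip=([^)]+)\)", log_line)
    if not m:
        raise ValueError("no host=/ip= pair in log line")
    return m.group(1), m.group(2)


def from_patterns(key_line):
    """Extract the comma-separated pattern list of the from="..." option."""
    m = re.search(r'(?:^|,)from="([^"]*)"', key_line)
    return m.group(1).split(",") if m else []


def _match(value, patterns):
    """1 = positive match, -1 = hit a negated (!) pattern, 0 = no match."""
    result = 0
    for pat in patterns:
        negated = pat.startswith("!")
        body = pat[1:] if negated else pat
        # Assumption: fnmatch stands in for the * and ? wildcards of from=.
        if fnmatchcase(value.lower(), body.lower()):
            if negated:
                return -1
            result = 1
    return result


def from_allows(key_line, host, ip):
    """Simplified from= check: name or address must match, no negation hit."""
    pats = from_patterns(key_line)
    if not pats:
        return True  # no from= restriction on this key
    m_host, m_ip = _match(host, pats), _match(ip, pats)
    return -1 not in (m_host, m_ip) and 1 in (m_host, m_ip)
```

Feed it the real log line and authorized_keys entry to see which pattern, if any, lines up with the name the server actually resolved.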


1 Comments:

Anonymous said...

Just in case someone else ends up here, also take a look at your sshd_config file and ensure that the 'UseDNS' directive is not set to 'no'.

1:58 AM  
