SSH with Multiple Interfaces

Edward Murrell edward at dlconsulting.com
Thu Jan 18 16:27:42 EST 2007


Hi there,

I've currently fighting issues with a couple of multi-homed hosts on my
network here.
I've read the FAQ on this subject, and I'm still not sure what to do.

http://www.faqs.org/faqs/kerberos-faq/general/section-47.html

The problem stems from the fact that our the host in question resides on
both an internal (10.0.0.0/8) and external network (general internet),
and has two host names associated with it;

34.88.99.100      foogazzi.example.com
10.0.0.1      foogazzi.office.example.com

The office.example.com domain is obviously not generally accessible to
the outside world. The principle application here is SSH, which will
account for about 99% of the Kerberos enabled traffic. SSH appears to
have some very large issues with multiple interfaces and SSH.

If I set the DNS and Reverse DNS to correctly return the above values
and add both host/principles to the key  as you would expect, and tell
the server that it's hostname is foogazzi.example.com, I get some
interesting results.

Logging in from the outside works fine.

Logging in from the internal LAN does the following;

    edward at coughdrop:~$ ssh foogazzi.office.example.com
    Disconnecting: Protocol error: didn't expect packet type 34

Essentially, the server complains that the client has handed it the
ticket for the wrong host, and has bailed out.

The other option I've tried is to tell the RDNS for the internal IP to
return the external name. Eg;
    10.0.0.1 => foogazzi.example.com

However, this gives me the following output;

    edward at black ~ $ ssh foogazzi.office.example.com
    Address 10.0.0.1 maps to foogazzi.example.com but this does not map
back to the address - POSSIBLE BREAKIN ATTEMPT!
    Password:

D'oh.

Any suggestions?

Regards
Edward Murrell






More information about the Kerberos mailing list