November 15th, 2000, 09:15 AM
I have an office full of servers running OpenSSH. I have a user in a remote location using a dial-up connection with a dynamic IP address, who cannot log-in to our SSH-protected servers.
Riddle me this:
Is there a way to configure SSH to accept traffic based on the domain name instead of the static IP address? Or is there some other way to allow dynamic IPs to log in to an SSH server?
November 15th, 2000, 10:10 AM
>>using a dial-up connection with a dynamic IP address, who cannot log-in to our SSH-protected servers
This could happen only if sshd is run from inetd.
>>Is there a way to configure SSH to accept traffic based
>>on the domain name instead of the static IP address?
I think you don't understand SSH that well. SSHD has nothing to do with the hosts or IPs whether they are local or remote.
SSH is secure shell, of course, your dial-up user needs an account to your office's server, and with a valid shell account, without this, just stop wasting your time any further.
Okay, let's talk a little bit about Telnet, the non-secure shell, maybe you can understand your situation abit more and know what action to take accordingly.
Telnet, by default, is a shell for remote access dedicated for REMOTE HOST. It doesn't matter you are on a dial-up, DSL, cable modem or T1, so long as you get internet access, you should be able to Telnet to the server. Of course, I assume you already have an account on the server you are trying to connect to. Similarily, SSH works the same as Telnet but in a secure manner. The domain name or IP of the client has nothing to do with the SSHD server.
If SSHD is run from inetd, most people don't do this, one can take advantage of the hosts.allow/hosts.deny file to restrict access based on IP/Host Name.
Tell your user to get the SecureCRT 3.12 from -> http://www.vandyke.com/products/securecrt/index.html It supports both SSH1 and SSH2. Right, it's not free, but keygen/crack of it can be found all over the web, I am not going to discuss this matter though.
November 15th, 2000, 01:05 PM
> I think you don't understand SSH that well.
Right you are, my friend.
In the past we used telnet. The user could remotely access his UNIX account no problem. Then, a mysterious wizard installed sshd on our servers. From within the main office, the user can access the servers with "ssh -l username ipaddress". That works fine. At home, he installed an ssh client. When he tries the same login, he is denied access.
I'm going to read over your comment a few more times and hope everything sinks in. I don't quite understand "run from inetd". I'm open to the idea that this might not actually be a ssh problem. Maybe there's something screwy in the firewall. Maybe it's something else. I wish I could find that mysterious wizard. In the mean time I'll try to digest your message. If my babbling has shed any more light on this for you, please light the way.
November 15th, 2000, 04:35 PM
>>Maybe there's something screwy in the firewall
If he can login from office, he should have any problem logging in from home unless there is a firewall in office denying incoming packet for port22.
November 26th, 2000, 11:16 AM
Yup, it was the firewall alright. The firewall was only allowing ssh logins from specific IP addresses. Over-cautious, I guess. Thanks for your help.