login about faq

What to consider when an IP address change is needed on a server running an SSH Server?

asked Dec 29 '10 at 21:26

SSH%20KB's gravatar image

SSH KB ♦
509250247238


Changing the IP address of a server running the ssh-server-g3 daemon does not normally affect the SSH server operation. However, there are a few exceptions that should be noted.

Users Connecting via IP

If users are connecting to the sshd2 daemon using IP address rather than hostname, they will need to be notified of the IP address change so they may update their connection profiles. Any users connecting via IP address will also receive a message that they have not connected to this server before when they connect to the server for the first time after the IP address change. They will need to verify the fingerprint of the presented hostkey, then save the hostkey to prevent the message from displaying again.

Listener configuration

The listener element in the /etc/ssh2/ssh-server-config.xml file specifies on which interface the daemon should listen for incoming connections.

By default, the listener address is set to 0.0.0.0, which means the daemon listens on all interfaces, so the config file would not need to be modified in the event of an IP address change if the listener is set to the default value.

If the daemon is set to listen only on a specific interface using the listener element in the /etc/ssh2/ssh-server-config.xml file, the value for the address attribute will need to be updated. Remember to restart the ssh-server-g3 after changing the ssh-server-config.xml file.

Reverse DNS Mapping and Hostbased Authentication

By default, the ssh-server-g3 does not require reverse DNS mapping. However, if there is an error in updating DNS after an IP address change, and either the server is set to require reverse mapping, or if hostbased authentication is being performed and the require-dns-match attribute is set to 'yes' in the /etc/ssh2/ssh-server-config.xml, then users may have trouble authenticating to the daemon. Ensure that DNS is properly configured if users suddenly have trouble connecting or authenticating after an IP address change.

link

answered Dec 29 '10 at 21:33

SSH%20KB's gravatar image

SSH KB ♦
509250247238

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×1

Asked: Dec 29 '10 at 21:26

Seen: 1,955 times

Last updated: Jan 27 '11 at 03:22

Related questions

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.