Effect on ssh of altering target's assigned ip address

Thu Apr 23 02:15:30 UTC 2009

On Thu, Apr 23, 2009 at 11:22:34AM +1000, Cameron Simpson wrote:
> On 22Apr2009 17:51, Dave Feustel <dfeustel at mindspring.com> wrote:
> | On Wed, Apr 22, 2009 at 05:08:15PM -0430, Patrick O'Callaghan wrote:
> | > On Wed, 2009-04-22 at 17:16 -0400, Dave Feustel wrote:
> | > > After getting ssh to work, I altered the ip addresses of my computers.
> | > 
> | > How? What exactly did you do? Are these addresses static or assigned by
> | > a DHCP server?
> | 
> | All my local net addresses are assigned by dhcpd running on the
> | firewall.
> |  
> | > > Now ssh doesn't work and neither does ping, apparently (in the case of
> | > > ping) because my switch doesn't forget ip addresses even after poweroff.
> | > 
> | > Why do you think there's a problem with ssh if you can't use ping? In
> | > most cases if ping doesn't work, nothing works, assuming pings aren't
> | > being filtered on the way to or from the target. "traceroute <target>"
> | > can be helpful here.
> | 
> | The problem with ping was a result of my switch getting confused after
> | I changed the ip addresses. I've gotten everything working again by
> | going back to the original address assignment and removing power from
> | the switch to make the switch forget address-port associations.
> 
> It may not be the switch. If the two machines are on the same network,
> the machines' own ARP tables will remember the old IP<->MAC mapping,
> though that should time out and refresh after about 30s. Unless the
> switch is doing layer 3 switching (direct IP based routing instead of
> MAC based routing).

Everything seems to be working wrt the switch now. The problem I am now
trying to resolve is why the initial windows load via ssh of XMaple
takes 1 minute 38 seconds. Every complete repaint of the XMaple window takes
approximately the same amount of time. This makes using X11 to run
Maple an agonizingly slow process - too slow to put up with.

> | So does a change of IP address for an ssh target affect the way ssh works?
> |  
> | > You might also try "arp" to see if the IP<->MAC mapping is correct.
> 
> "arp -an" is the fast incantion to test.
-------------------
 2/home/daf}arp -an
? (192.168.6.1) at 00:22:3f:db:f3:90 [ether] on eth0
 2/home/daf}ssh -l daf $C4a
The authenticity of host '192.168.6.32 (192.168.6.32)' can't be
established.
RSA key fingerprint is af:6e:39:4a:4f:15:0d:ed:c9:01:06:e5:11:60:66:1c.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.6.32' (RSA) to the list of known
hosts.
Password: 
Last login: Tue Apr 21 12:57:12 2009 from 192.168.3.1
motd

 2/home/daf}echo $C4a
192.168.6.32
 2/home/daf}
------------------
Note that the ssh session terminated immediately after the successful
login. This has happened several times this afternoon and I have no
idea why. 
> Ssh keeps a ~/.ssh/known_hosts file that logs host keys and IP addresses
> and host names in order to detect when things change (i.e. to check if
> an imposter has arrived).

I deleted the known_hosts file to get rid of the entries with obsolete
ip addresses.

> We would need to see the output of "ssh -v .....", but you should fix
> ping first. If ping doesn't work, ssh almost certainly won't, and for
> reasons having nothing to do with ssh itself.

Ping works fine now. Ssh works. It's just way too slow running XMaple.