
Suppose I have some device with multiple addresses like so (due to some combination of AD and VMWare NAT name resolution, but that's not germane):

[centos@localhost ~]$ getent hosts my-weird-AD-device.company.com
192.168.1.10   my-weird-AD-device.company.com
192.168.4.13   my-weird-AD-device.company.com

The address I have a route to is 192.168.1.10, from a device on the same network segment as 192.168.4.13.

If I try to SSH directly to 192.168.1.10, everything works fine, but SSH'ing by hostname fails, because it tries to connect to 192.168.4.13.

...
debug2: resolving "my-weird-ad-device.company.com" port 22
debug1: Connecting to my-weird-ad-device.company.com [192.168.4.13] port 22.

Can I control this behavior somehow, from the SSH client? I don't want to hardcode an IP into ~/.ssh/config or /etc/hosts as the working IP isn't static - I want to do this via name lookup if possible.

javanix

1 Answer


How does OpenSSH / NSS determine the address to use for a hostname with multiple DNS entries?

getaddrinfo(), the libc name resolver. Every address resolved is attempted; see sshconnect.c.

ssh_config is sometimes useful as a crude name resolver because HostName (real name) keywords can go under Host or Match blocks. Problem is, I don't know of a way to modify these without duplicating the IP addresses. It is not powerful enough to rewrite names any way you like.

glibc allows influencing the getaddrinfo sort order via gai.conf. This is not an ssh client config; it would affect glibc name resolution, and almost all software on the system.

Multiple DNS records of the same name, only one of which works to connect, is causing problems. Alter DNS such that there is a name that can be used for SSH. For example, rename one of those zones such that the full name is unique, say my-weird-AD-device.zone.company.com. Or, add an additional short name to DNS for this host with only the correct IP, so my-weird-AD-device-2.

John Mahowald
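To make the answer's point concrete, here is an added example that is not code from the question, the answer, or OpenSSH: a small Python model of the client's "resolve with getaddrinfo(), then try each address in order" loop that sshconnect.c implements. The hostnames, addresses and the `getent hosts` output embedded below are constructed for the demonstration; the `connector` parameter is an assumption of this script (it lets the loop be exercised offline with a fake connect) and has no counterpart in ssh itself.

```python
"""Model of the OpenSSH client's address-selection loop.

Added example (not from the question, the answer, or OpenSSH): resolve a
name with the libc resolver, then attempt every returned address in order,
moving on only when connect() to the current one fails. The order comes
from getaddrinfo(); ssh_config does not re-sort it, which is why a name
with two A records may be tried at the "wrong" address first.
"""
import socket
import sys
from typing import Callable, List, Optional, Tuple

Address = Tuple[str, int]                       # (ip, port)
Connector = Callable[[Address, float], object]  # returns a connected socket

# Constructed sample output of `getent hosts` (same shape as in the question).
SAMPLE_GETENT = """\
192.168.4.13   my-weird-AD-device.company.com
192.168.1.10   my-weird-AD-device.company.com
"""


def parse_getent_hosts(text: str, port: int = 22) -> List[Address]:
    """Turn `getent hosts` lines into (ip, port) candidates, keeping order."""
    candidates: List[Address] = []
    for line in text.splitlines():
        fields = line.split()
        if fields and (fields[0], port) not in candidates:
            candidates.append((fields[0], port))
    return candidates


def resolve(hostname: str, port: int = 22) -> List[Address]:
    """Ask getaddrinfo() for every address of hostname, in the order it gives.

    This is the same call ssh makes; the first entry is the one ssh dials first.
    """
    candidates: List[Address] = []
    for _family, _type, _proto, _canon, sockaddr in socket.getaddrinfo(
            hostname, port, type=socket.SOCK_STREAM):
        addr = (sockaddr[0], sockaddr[1])
        if addr not in candidates:
            candidates.append(addr)
    return candidates


def tcp_connector(addr: Address, timeout: float) -> socket.socket:
    """Real connector: a TCP connect bounded by a timeout (cf. ConnectTimeout)."""
    return socket.create_connection(addr, timeout=timeout)


def connect_first_reachable(
        candidates: List[Address],
        connector: Connector = tcp_connector,
        timeout: float = 5.0,
) -> Tuple[Optional[Address], Optional[object], List[Tuple[Address, str]]]:
    """Try each candidate in order; return (address, socket, errors).

    An unreachable first address only delays the connection by one timeout
    (or one immediate "No route to host"); ssh then tries the next entry.
    """
    errors: List[Tuple[Address, str]] = []
    for addr in candidates:
        try:
            sock = connector(addr, timeout)
        except OSError as exc:
            errors.append((addr, str(exc)))
            continue
        return addr, sock, errors
    return None, None, errors


def demo_connector(addr: Address, timeout: float) -> object:
    """Fake connect for offline use: the .4.13 address has no route."""
    if addr[0] == "192.168.4.13":
        raise OSError("No route to host")
    return f"<connected to {addr[0]}:{addr[1]}>"


if __name__ == "__main__":
    # With a hostname argument, resolve it for real; otherwise use the sample.
    cands = resolve(sys.argv[1]) if len(sys.argv) > 1 else parse_getent_hosts(SAMPLE_GETENT)
    conn = tcp_connector if len(sys.argv) > 1 else demo_connector
    chosen, _sock, errs = connect_first_reachable(cands, conn, timeout=3.0)
    for addr, err in errs:
        print(f"failed {addr[0]}:{addr[1]}: {err}")
    print("connected via", chosen)
```

Run with no arguments to see the offline walk-through (first address fails, second succeeds); pass a real hostname to watch which address getaddrinfo() hands back first on your own system, which is exactly the choice the answer says neither ssh nor ssh_config can re-order.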