problem specifying port to ssh

Daniel Kahn Gillmor dkg-openssh.com at fifthhorseman.net
Fri Apr 7 11:07:04 EST 2006


On April 6, don-temp28 at isis.cs3-inc.com said:

 > The problem seems to be that nisplus comes before dns above.
 > If I add nisplus at the end things still work,
 > if I put it before dns then they don't.
 > So perhaps nisplus fails in some way that causes dns to not be
 > attempted?  And what is this nisplus anyhow?  Is it supposed to 
 > be installed, configured and running in every linux?  If it's not
 > perhaps that's the problem?  

nisplus relies on a NIS+ server being present (and configured).  If
your workstation is looking for NIS+ information from a host that is
not providing it, it probably will fail.

These days, if you don't know for sure that you need NIS+ in your
environment, you probably don't need it.  It's actually a potential
security risk also.

What does the following command show when your system is in the "does
not work" configuration:

  getent services 22

A normal system with glibc and a well-configured /etc/nsswitch.conf
should respond something like:

[dkg at squeak ~]$ getent services 22
ssh                   22/tcp
[dkg at squeak ~]$ 

 > You mean I can somehow arrange that 
 >  ssh -p 22 isis.cs3-inc.com
 > and ssh -p 2222 isis.cs3-inc.com
 > resolve to different IP addresses?  How?

It's not to different IP addresses, but rather different sockets.

From man getaddrinfo (note mention of getservbyname):

 The getaddrinfo(3) function combines the functionality provided by
 the getipnodebyname(3), getipnodebyaddr(3), getservbyname(3), and
 getservbyport(3) functions into a single interface.  The thread-safe
 getaddrinfo(3) function creates one or more socket address structures
 that can be used by the bind(2) and connect(2) system calls to create
 a client or a server socket.

So getaddrinfo can create full socket addresses (which, for TCP or UDP
sockets, would contain port numbers).  Passing the string "22" to the
service argument to getaddrinfo() will force a lookup via the name
service switch (which is configured via /etc/nsswitch.conf).

hope this helps,

	--dkg
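
The "same IP address, different sockets" point above, as an added example (not part of the original message or of OpenSSH): one host string combined with the service strings "22" and "2222" gives socket addresses that share an IP and differ only in port. The loopback host, the helper names and the use of AI_NUMERICHOST and AI_NUMERICSERV (so the sample runs offline) are assumptions of this example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* expose getaddrinfo() under strict -std modes */
#endif
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>

/* Copy the first IPv4/TCP socket address built for host + service into *out.
 * Returns 0 on success, otherwise the getaddrinfo() error code. */
int make_sockaddr(const char *host, const char *service, int flags,
                  struct sockaddr_in *out)
{
    struct addrinfo *res = NULL, hints = { .ai_family = AF_INET,
        .ai_socktype = SOCK_STREAM, .ai_flags = flags };
    int rc = getaddrinfo(host, service, &hints, &res);
    if (rc != 0) return rc;
    memcpy(out, res->ai_addr, sizeof *out);
    freeaddrinfo(res);
    return 0;
}

/* Port (host byte order) stored in the socket address, or -1 on error. */
int port_for(const char *host, const char *service, int flags)
{
    struct sockaddr_in sa;
    return make_sockaddr(host, service, flags, &sa) == 0 ? ntohs(sa.sin_port) : -1;
}

/* 1 if both services give the same IP address, 0 if not, -1 on error. */
int same_ip(const char *host, const char *s1, const char *s2, int flags)
{
    struct sockaddr_in a, b;
    if (make_sockaddr(host, s1, flags, &a) || make_sockaddr(host, s2, flags, &b)) return -1;
    return a.sin_addr.s_addr == b.sin_addr.s_addr;
}

int main(void)
{
    const char *host = "127.0.0.1";           /* constructed sample host: loopback */
    int f = AI_NUMERICHOST | AI_NUMERICSERV;  /* host and service must be numeric strings */
    struct sockaddr_in sa;
    printf("ports %d / %d, same IP: %d\n", port_for(host, "22", f),
           port_for(host, "2222", f), same_ip(host, "22", "2222", f));
    printf("\"ssh\" + AI_NUMERICSERV: %s\n",
           gai_strerror(make_sockaddr(host, "ssh", f, &sa)));
    return 0;
}
```

With AI_NUMERICSERV set, a service name such as "ssh" is rejected instead of being resolved, which is what the second line of output shows.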




More information about the openssh-unix-dev mailing list