maas-devel team mailing list archive

[Andreas Hasenack <andreas@xxxxxxxxxxxxx>]

On Mon, Nov 11, 2013 at 9:30 PM, Julian Edwards <
julian.edwards@xxxxxxxxxxxxx> wrote:

> On 11/11/13 21:48, Andreas Hasenack wrote:
> > ssh also fails when you use the CNAME in the "host=" parameter in
> > authorized_keys:
> >
> > server:
> > Nov 11 11:45:49 wfaxq sshd[2332]: Authentication tried for ubuntu with
> > correct key but not from a permitted host (host=10-0-5-103.maaslocal,
> > ip=10.0.5.103).
> > Nov 11 11:45:49 wfaxq sshd[2332]: Connection closed by 10.0.5.103
> [preauth]
> >
> > /home/ubuntu/.ssh/authorized_keys:
> > from="k8q9m.maaslocal" ssh-rsa AAAAB3NzaC1yc2EA...
> >
> > root@wfaxq:~# host k8q9m.maaslocal
> > k8q9m.maaslocal is an alias for 10-0-5-103.maaslocal.
> > 10-0-5-103.maaslocal has address 10.0.5.103
> >
> > That's exactly what happened with postgresql.
>
>
> Damn.  OK, thanks for the analysis.
>
> Gavin, I suspect we need to make our CNAMEs go away, or perhaps reverse
> the current situation and make the maas name the A record and the
> 1-2-3-4 the CNAME.  Whaddaya think?
>

I think you can keep the CNAME, but that cannot be what ends up being set
as juju's private-address (or public-address for that matter, I think).