Due to various power outage issues in the region, I've had to fall back on ConnectBot to connect to our servers. The ip addresses for Airtel 2G seem to be all over the place, as given at https://as.robtex.com/as45609.
So, instead of white-listing all the ip ranges 106.0.0.0/8, 223.0.0.0/8, 27.0.0.0/8, 171.0.0.0/8, 182.0.0.0/8, and so on, just added our Voxel server's key to authorized_keys, and added its ip to the allowed range.
Took me an extra ten minutes to do this. First,
host media.radiosai.org
gave me the wrong ip address to allow - the Cloudflare CDN's ip address! Then, the copy-paste of the id_rsa.pub added newlines, so I got errors like error: key_from_blob: can't read
as seen in /var/log/messages of the server. Removed the unnecessary newlines, got it working - there is no need to restart sshd when adding keys.
So, instead of white-listing all the ip ranges 106.0.0.0/8, 223.0.0.0/8, 27.0.0.0/8, 171.0.0.0/8, 182.0.0.0/8, and so on, just added our Voxel server's key to authorized_keys, and added its ip to the allowed range.
Took me an extra ten minutes to do this. First,
host media.radiosai.org
gave me the wrong ip address to allow - the Cloudflare CDN's ip address! Then, the copy-paste of the id_rsa.pub added newlines, so I got errors like error: key_from_blob: can't read
as seen in /var/log/messages of the server. Removed the unnecessary newlines, got it working - there is no need to restart sshd when adding keys.
No comments:
Post a Comment