Friday·28·January·2011
Cool new feature in OpenSSH 5.7: scp between two remote hosts //at 02:55 //by abe
Just a few days after OpenSSH 5.7 was released upstream, our (Debian’s as well as Ubuntu’s) tireless OpenSSH and GRUB maintainer Colin Watson uploaded a first package of OpenSSH 5.7 to Ubuntu Natty and to Debian Experimental.
Besides the obvious new thing, the implementation of Elliptic Curve Cryptography which promises better speed and shorter keys while staying at the same level of security, one other item of his changelog entry stuck out and caught my attention:
scp(1): Add a new -3 option to scp: Copies between two remote hosts are transferred through the local host.
That’s something I always wondered why it didn’t “just work”. While it still doesn’t seem to detect such a situation by default, it’s now at least possible to copy stuff from one remote box to another without ugly port forwarding and tunneling hacks.
Further cool stuff in the changelog:
sftp(1)/sftp-server(8): add a protocol extension to support a hard link operation. It is available through the “ln” command in the client. The old “ln” behaviour of creating a symlink is available using its “-s” option or through the preexisting “symlink” command.
Colin++
Tagged as: Bleeding Edge, Cryptography, Debian, ECC, Experimental, Natty, OpenSSH, remote, scp, sftp, SSH, Ubuntu, UUUCO
Friday·07·January·2011
“peer holds all free leases” on both DHCP servers //at 15:54 //by abe
At work we run a pair of ISC DHCP servers running Debian Lenny in a classical ISC DHCP failover setup which provide DHCP service to several subnets, some only with static IPs (e.g. for printers) and some with half static and half dynamic IPs.
Today I got a call from a user that her laptop doesn’t get an IP despite being correctly registered in our MAC address database from which we generate the “group { }” sections of the dhcpd.conf.
Everything looked fine, but every DHCPDISCOVER packet got logged in the syslog on both servers like this:
Jan 7 14:34:39 dhcp1 dhcpd: DHCPDISCOVER from 01:23:45:67:89:ab via eth2: peer holds all free leases
Jan 7 14:34:39 dhcp2 dhcpd: DHCPDISCOVER from 01:23:45:67:89:ab via eth2: peer holds all free leases
Searching the web for this error message mostly results in mails which say “If you have this on one server but not the other, you soon run out of IP addresses”, but none which mention what happens if you get them on both sides. Following a coworker’s idea of adding “both servers” to the search term, I found Debian bug #563449 (dhcp3-server: Incorrect “peer holds all free leases” log entries) which turned out to be a configuration error or at least an unexpected configuration (the machine was blocked from getting an IP on purpose) and misleading error messages.
So I checked under which circumstances this computer would not get an IP despite having a static IP configured:
host somehost {
    hardware ethernet 01:23:45:67:89:ab;
    fixed-address 192.0.2.123;
}
That computer would not get an IP address in any subnet which has a different IP range and no dynamic IP addresses. And even if I comment out the “fixed-address” setting, it wouldn’t get an IP in any static-IPs-only subnet either.
And *bingo*, that computer was plugged into the printer subnet which has only static IPs, e.g. in the 198.51.100.x range.
So if you get the “peer holds all free leases” error message from both your DHCP servers, chances are very high that the mentioned MAC address should really not get an IP address on this network (as it does :-). The error messages are just somewhat misleading.
Hope this saves someone some time. :-)
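As an added example (not part of the original post), a small Python check over the merged syslog of both failover peers that separates the situation described here, where both servers log the message for the same client within a few seconds, from the one-server case the mailing-list answers cover. The server names dhcp1/dhcp2 come from the log excerpt above; the 5-second window, the function names, the verdict labels and the two extra sample lines are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: the two lines from the post plus two made-up ones.
SAMPLE_LOG = """\
Jan  7 14:34:39 dhcp1 dhcpd: DHCPDISCOVER from 01:23:45:67:89:ab via eth2: peer holds all free leases
Jan  7 14:34:39 dhcp2 dhcpd: DHCPDISCOVER from 01:23:45:67:89:ab via eth2: peer holds all free leases
Jan  7 14:35:02 dhcp1 dhcpd: DHCPDISCOVER from 02:00:00:00:00:01 via eth1: peer holds all free leases
Jan  7 14:35:03 dhcp2 dhcpd: DHCPOFFER on 192.0.2.50 to 02:00:00:00:00:01 via eth1
"""

# Timestamp, logging host, client MAC, optional "(hostname)", and the message.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<server>\S+)\s+dhcpd(?:\[\d+\])?:\s+"
    r"DHCPDISCOVER from (?P<mac>[0-9a-fA-F:]{17})(?: \([^)]*\))? via \S+: "
    r"peer holds all free leases\s*$"
)

def parse(log_text):
    """Yield (timestamp, server, mac) for each 'peer holds all free leases' line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            # Syslog omits the year; a fixed leap year lets "Feb 29" parse.
            stamp = "2000 " + " ".join(m["ts"].split())
            yield datetime.strptime(stamp, "%Y %b %d %H:%M:%S"), m["server"], m["mac"].lower()

def classify(log_text, peers=("dhcp1", "dhcp2"), window=timedelta(seconds=5)):
    """Map each MAC to 'both-peers' (check host entry vs. subnet) or 'one-peer'."""
    events = defaultdict(list)
    for ts, server, mac in parse(log_text):
        if server in peers:
            events[mac].append((ts, server))
    verdicts = {}
    for mac, hits in events.items():
        hits.sort()
        # Both peers refused the same client within the window.
        both = any(s1 != s2 and t2 - t1 <= window
                   for i, (t1, s1) in enumerate(hits) for t2, s2 in hits[i + 1:])
        verdicts[mac] = "both-peers" if both else "one-peer"
    return verdicts

if __name__ == "__main__":
    for mac, verdict in sorted(classify(SAMPLE_LOG).items()):
        print(mac, verdict)
```

A "both-peers" result is the case from this post: compare the client's host declaration with the subnet it is plugged into before suspecting the failover pool.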
Tagged as: D-PHYS, Debian, DHCP, ETH Zürich, Failover, ISC, ISG, Lenny