SSH is broken by default -- how to fix? (Can't connect to other computers by hostname!)

The most common uses of Linux are development, HPC, server tasks, etc.

For all of these tasks, one requires ssh. To use ssh properly on any local network, local name resolution is absolutely essential, especially if IPs are dynamic.

It’s trivial with Ubuntu, Debian, RHEL, Fedora, Windows, macOS, *BSD, … even Puppy Linux. But it seems impossible to simply “ssh user@othercomputer.local” from Clear Linux, and I don’t even know where to start.

Googling the problem, I was quickly led down a rabbit hole of brokenness, with most suggestions being to install and activate avahi-daemon, but I’m sure there’s a simpler way to be able to discover and connect to the other computers by name. It turns out that avahi is completely broken, so that’s a dead end for me, and it complains about needing another package that is unavailable as well. Then I saw a comment about another way, which also happens to be broken: the paths we’re told to modify don’t even exist, and I have no idea what is meant by “your interface”.

While on that frustrating topic, Clear Linux has an incredibly annoying habit of not creating essential Linux directories that every other distro (including more secure, stable distros like RHEL) makes by default. It somehow seems some byzantine security audit led to the baffling pronouncement that “oh, it’s more secure not to make directories” (highly debatable – of course it’s always more secure to simply omit half of an essential system, but that’s a pathological solution). Clear Linux is proving so painful to set up and use in a basic capacity that it is scary. But I’m continuing to fight hard in hopes of materializing the “performance gain” promised… although I’m becoming more disillusioned by the minute, sadly.

I’m not a kernel developer and really don’t care to be. If deep kernel sysadmins are the only realistic audience for Clear Linux, this should be stated clearly on the main page to avoid a lot of wasted time by folks like me trying to get it working.

Think I solved it but can’t find this anywhere online:

  1. Get a root shell (i.e. sudo su - )
  2. Run this. The appended lines carry their own [Resolve] header so the file parses even when /etc/systemd/resolved.conf did not exist before (an assignment outside a section is ignored by systemd), and the interface names come from /sys/class/net rather than from ifconfig output, whose layout differs between net-tools versions:
       printf '[Resolve]\nLLMNR=yes\nMulticastDNS=yes\n' >> /etc/systemd/resolved.conf
       for interface in $(ls /sys/class/net | grep -v '^lo$'); do systemd-resolve --set-mdns=yes --interface="$interface"; done
     (On newer systemd the same per-link setting is `resolvectl mdns "$interface" yes`.)
  3. Reboot network: systemctl restart systemd-resolved

Now it works. This is so arcane.

To persist after reboots (and apply to all networks), add a step 4:
4. mkdir -p /etc/systemd/network; printf '[Match]\nName=*\n\n[Network]\nMulticastDNS=yes\n' > /etc/systemd/network/zzz.network
   (mkdir -p, so the step does not fail if the directory already exists.)


Never give up.



Updates:

  1. Clarified what was meant by “reboot” (reboot the network, not the computer)
  2. Added step 4 if users want to have the config persist across reboots for all networks (with the exception of any networks that already have “.network” config files, which would take precedence).

What I did was to modify this file (vi /usr/lib/systemd/resolved.conf.d/80-noLLMNR.conf) and set LLMNR to yes;

then I was able to ping the host by hostname. This is a permanent fix.


Thanks so much for this. I suggest the Clear Linux team add this to basic setup documentation as this is of huge importance for anyone accessing servers on a network (particularly one that uses dynamic IPs, new/changing node names, etc – but really any network would benefit).

Could someone from the dev team weigh in on why mDNS (or LLMNR) is forcibly disabled by default? Curious to hear the logic behind this decision.

In the file that disables LLMNR (pointed to by ffc91 above), there is an obscure comment:

    Disable Link Level Multicast Name Resolution
    It stops gethostbyaddr_r getting FQDN

What could this mean? Why would LLMNR prevent getting a fully qualified domain name from a host IP address? Why is this relevant/important? Was this a workaround for some old kernel bug? Can it be removed now? What about mDNS (multicast DNS is the route I initially took above, which seems distinct from LLMNR)? So very obscure.

More reading reveals that LLMNR is not the same as mDNS (although they both enable resolution of node names on a local network). LLMNR seems to be the older technology and a potential security issue if you can’t vet all the machines on your local net (rare, but I guess possible if you expose your ethernet jacks to random folks). Because of this limited reading, I still think a pure mDNS solution may be preferable over enabling LLMNR, but I don’t know enough of the specifics to be sure of this recommendation. It seems both will work, and ffc91’s solution is indeed easier – it’s a one-word edit of a file!

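The script below is an added example for this thread, not code from any of the posts above or from the Clear Linux project. It puts the two recipes in the thread (the resolved.conf edit plus per-link mDNS, and ffc91’s one-word edit) into the form a practitioner would keep: the override is a drop-in under /etc/systemd/resolved.conf.d named so that it sorts after the OS-supplied 80-noLLMNR.conf, nothing under /usr/lib is edited (those files belong to the OS image and are replaced on update), and LLMNR stays off while mDNS is turned on. systemd-resolved enables mDNS on a link only when both the global setting and the per-link setting allow it, so the script also writes a drop-in for the .network unit that already matches the interface instead of adding a competing [Match] Name=* file. The `effective_resolved_value` function reproduces systemd’s drop-in rules (file-name order across /etc, /run and /usr/lib, a same-named file in /etc masking the one in /usr/lib, last assignment wins), which is the check to run when a setting does not seem to take. Assumptions: the ROOT prefix argument and the file names 90-local-mdns.conf and mdns.conf are mine; 80-dhcp.network is only a placeholder for whatever `networkctl status IFACE` lists under "Network File:". Note that mDNS, like LLMNR, trusts whoever answers on the link, so the caveat about untrusted machines on the local network applies to both.

```shell
#!/bin/sh
# Added example (not from the thread): enable mDNS for systemd-resolved via
# drop-ins under /etc, keep LLMNR off, and verify which file wins.
# ROOT ("" = live system) is a hypothetical prefix so the files can be rendered
# into a scratch directory for a dry run.

RESOLVED_DIRS="etc/systemd/resolved.conf.d run/systemd/resolved.conf.d usr/lib/systemd/resolved.conf.d"

# Global resolved setting. "90-" sorts after Clear Linux's 80-noLLMNR.conf,
# so these assignments override it without touching /usr/lib.
write_mdns_dropin() {
    root="${1:-}"
    dir="$root/etc/systemd/resolved.conf.d"
    mkdir -p "$dir"
    printf '[Resolve]\nMulticastDNS=yes\nLLMNR=no\n' > "$dir/90-local-mdns.conf"
    echo "$dir/90-local-mdns.conf"
}

# Per-link setting, as a drop-in for the .network unit that already matches
# the interface ("Network File:" in `networkctl status IFACE`). The unit name
# (e.g. 80-dhcp.network) is an assumption; check yours.
write_mdns_network_dropin() {
    root="${1:-}"; unit="$2"
    dir="$root/etc/systemd/network/$unit.d"
    mkdir -p "$dir"
    printf '[Network]\nMulticastDNS=yes\n' > "$dir/mdns.conf"
    echo "$dir/mdns.conf"
}

# Last value assigned to KEY ($2) in FILE ($1), or empty if never assigned.
_last_value() {
    sed -n "s/^[[:space:]]*$2=[[:space:]]*\(.*\)$/\1/p" "$1" | tail -n 1
}

# Effective value of KEY under systemd's drop-in rules: main resolved.conf
# first (the /etc copy replaces the /usr/lib one), then every *.conf from the
# .d directories in file-name order, where a file in /etc masks a same-named
# file in /run or /usr/lib; the last assignment wins.
effective_resolved_value() {
    root="${1:-}"; key="$2"; value=""
    for f in "$root/etc/systemd/resolved.conf" "$root/usr/lib/systemd/resolved.conf"; do
        if [ -f "$f" ]; then
            v=$(_last_value "$f" "$key"); [ -n "$v" ] && value="$v"
            break
        fi
    done
    names=$(for d in $RESOLVED_DIRS; do
                [ -d "$root/$d" ] && ls "$root/$d"
            done | grep '\.conf$' | sort -u)
    for n in $names; do
        for d in $RESOLVED_DIRS; do
            if [ -f "$root/$d/$n" ]; then
                v=$(_last_value "$root/$d/$n" "$key"); [ -n "$v" ] && value="$v"
                break
            fi
        done
    done
    echo "$value"
}

# Apply to the live system: run as root with --apply. NETWORK_UNIT is an
# optional environment variable naming the .network unit to extend.
if [ "${1:-}" = "--apply" ]; then
    write_mdns_dropin ""
    systemctl restart systemd-resolved
    # Per-link enable for the current boot; the .network drop-in makes it stick.
    for iface in $(ls /sys/class/net); do
        [ "$iface" = lo ] || resolvectl mdns "$iface" yes
    done
    if [ -n "${NETWORK_UNIT:-}" ]; then
        write_mdns_network_dropin "" "$NETWORK_UNIT"
        networkctl reload
    fi
    resolvectl status | grep -iE 'mdns|llmnr'
    echo "effective: MulticastDNS=$(effective_resolved_value "" MulticastDNS) LLMNR=$(effective_resolved_value "" LLMNR)"
fi
```

Usage: `sudo sh enable-mdns.sh --apply` for the global setting and the per-link enable for this boot; add `NETWORK_UNIT=80-dhcp.network` (whatever `networkctl status` reports for your interface) in the environment to make the per-link setting survive reboots. To see why a setting is not taking effect, call `effective_resolved_value "" LLMNR` with the live root and compare with `resolvectl status`.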

If you want to enter this as a feature request and/or documentation bug on GitHub, that will ensure that it doesn’t get lost.

Chris