Authentication tried for XXX with correct key but not from a
permitted host
Dan Langille
dan at langille.org
Sun Jul 11 03:04:59 UTC 2010
This is more for the record than asking a specific question.
Today I upgraded a system to FreeBSD 8.1-PRERELEASE. Then I started
seeing these messages when I ssh to said box with an ssh-agent enabled
connection:
Jul 11 03:43:06 ngaio sshd[30290]: Authentication tried for dan with
correct key but not from a permitted host (host=laptop.example.org,
ip=10.0.0.100).
Jul 11 03:43:07 ngaio sshd[30290]: Authentication tried for dan with
correct key but not from a permitted host (host=laptop.example.org,
ip=10.0.0.100).
Jul 11 03:43:07 ngaio sshd[30290]: Accepted publickey for dan from
10.0.0.100 port 53525 ssh2
My questions were:
1 - how do I set a permitted host?
2 - why is the message logged twice?
That asked, I know if I move the key to the top of the
~/.ssh/authorized_keys file, the message is no longer logged. Further
investigation reveals that if a line of the form:
from="10..etc"
appears before the key being used to log in, the message will appear.
Solution: move the from= line to the bottom of the file. Ugly, but it
works.
--
Dan Langille - http://langille.org/
More information about the freebsd-stable
mailing list