Authentication tried for XXX with correct key but not from a permitted host

Sun Jul 11 07:45:02 UTC 2010

On 11/07/2010 04:04:57, Dan Langille wrote:

> That asked, I know if I move the key to the top of the
> ~/.ssh/authorized_keys file, the message is no longer logged. Further
> investigation reveals that if a line of the form:
> 
> from="10..etc"
> 
> appears before the key being used to log in, the message will appear.

Usually the from='10.0.0.100' tag should be inserted at the beginning of
the line for each key it should affect.  It shouldn't do anything on a
line on its own -- in fact that should be a syntax error.  The behaviour
you're seeing sounds like something new: it isn't what sshd(8) describes
in the section on AUTHORIZED_KEYS FILE FORMAT.

This new behaviour sounds as if it could be quite useful for easing the
management of complicated authorised_keys files, but I'd have expected
some sort of notice somewhere.  I can't see anything relevant in the
release notes for OpenSSH for versions 5.0, 5.1, 5.3, 5.3, 5.4 or 5.5
[Eg. http://www.openssh.org/txt/release-5.4 -- 8.1-PRERELEASE has
OpenSSH 5.4p1 bundled].  Nor anything in any of the ssh(1),
ssh_config(1), sshd(8), sshd_config(8) man pages.

Maybe it's a bug, but one that has fortuitously useful effects.

	Cheers,

	Mathew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew at infracaninophile.co.uk               Kent, CT11 9PW

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20100711/516b1306/signature.pgp