Authentication tried for XXX with correct key but not from a
permitted host
Matthew Seaman
m.seaman at infracaninophile.co.uk
Sun Jul 11 07:45:02 UTC 2010
On 11/07/2010 04:04:57, Dan Langille wrote:
> That asked, I know if I move the key to the top of the
> ~/.ssh/authorized_keys file, the message is no longer logged. Further
> investigation reveals that if a line of the form:
>
> from="10..etc"
>
> appears before the key being used to log in, the message will appear.
Usually the from='10.0.0.100' tag should be inserted at the beginning of
the line for each key it should affect. It shouldn't do anything on a
line on its own -- in fact that should be a syntax error. The behaviour
you're seeing sounds like something new: it isn't what sshd(8) describes
in the section on AUTHORIZED_KEYS FILE FORMAT.
This new behaviour sounds as if it could be quite useful for easing the
management of complicated authorised_keys files, but I'd have expected
some sort of notice somewhere. I can't see anything relevant in the
release notes for OpenSSH for versions 5.0, 5.1, 5.3, 5.3, 5.4 or 5.5
[Eg. http://www.openssh.org/txt/release-5.4 -- 8.1-PRERELEASE has
OpenSSH 5.4p1 bundled]. Nor anything in any of the ssh(1),
ssh_config(1), sshd(8), sshd_config(8) man pages.
Maybe it's a bug, but one that has fortuitously useful effects.
Cheers,
Mathew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matthew at infracaninophile.co.uk Kent, CT11 9PW
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 267 bytes
Desc: OpenPGP digital signature
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20100711/516b1306/signature.pgp
More information about the freebsd-stable
mailing list