From owner-freebsd-stable@FreeBSD.ORG Sun Jul 11 03:04:59 2010 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 35F3C1065673 for ; Sun, 11 Jul 2010 03:04:59 +0000 (UTC) (envelope-from dan@langille.org) Received: from nyi.unixathome.org (nyi.unixathome.org [64.147.113.42]) by mx1.freebsd.org (Postfix) with ESMTP id 0A64B8FC1C for ; Sun, 11 Jul 2010 03:04:58 +0000 (UTC) Received: from localhost (localhost [127.0.0.1]) by nyi.unixathome.org (Postfix) with ESMTP id 6E6215093D for ; Sun, 11 Jul 2010 04:04:58 +0100 (BST) X-Virus-Scanned: amavisd-new at unixathome.org Received: from nyi.unixathome.org ([127.0.0.1]) by localhost (nyi.unixathome.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BvBlOC1N4gdq for ; Sun, 11 Jul 2010 04:04:57 +0100 (BST) Received: from smtp-auth.unixathome.org (smtp-auth.unixathome.org [10.4.7.7]) (Authenticated sender: hidden) by nyi.unixathome.org (Postfix) with ESMTPSA id EED4C5089E for ; Sun, 11 Jul 2010 04:04:56 +0100 (BST) Message-ID: <4C3934D9.3030501@langille.org> Date: Sat, 10 Jul 2010 23:04:57 -0400 From: Dan Langille Organization: The FreeBSD Diary User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.10) Gecko/20100512 Thunderbird/3.0.5 MIME-Version: 1.0 To: FreeBSD Stable Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Authentication tried for XXX with correct key but not from a permitted host X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 11 Jul 2010 03:04:59 -0000 This is more for the record than asking a specific question. Today I upgraded a system to FreeBSD 8.1-PRERELEASE. Then I started seeing these messages when I ssh to said box with an ssh-agent enabled connection: Jul 11 03:43:06 ngaio sshd[30290]: Authentication tried for dan with correct key but not from a permitted host (host=laptop.example.org, ip=10.0.0.100). Jul 11 03:43:07 ngaio sshd[30290]: Authentication tried for dan with correct key but not from a permitted host (host=laptop.example.org, ip=10.0.0.100). Jul 11 03:43:07 ngaio sshd[30290]: Accepted publickey for dan from 10.0.0.100 port 53525 ssh2 My questions were: 1 - how do I set a permitted host? 2 - why is the message logged twice? That asked, I know if I move the key to the top of the ~/.ssh/authorized_keys file, the message is no longer logged. Further investigation reveals that if a line of the form: from="10..etc" appears before the key being used to log in, the message will appear. Solution: move the from= line to the bottom of the file. Ugly, but it works. -- Dan Langille - http://langille.org/