Date:      Sun, 11 Jul 2010 08:44:40 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        freebsd-stable@freebsd.org
Subject:   Re: Authentication tried for XXX with correct key but not from a permitted host
Message-ID:  <4C397668.6060904@infracaninophile.co.uk>
In-Reply-To: <4C3934D9.3030501@langille.org>
References:  <4C3934D9.3030501@langille.org>


On 11/07/2010 04:04:57, Dan Langille wrote:

> That asked, I know if I move the key to the top of the
> ~/.ssh/authorized_keys file, the message is no longer logged. Further
> investigation reveals that if a line of the form:
>
> from="10..etc"
>
> appears before the key being used to log in, the message will appear.

Usually the from='10.0.0.100' tag should be inserted at the beginning of
the line for each key it should affect.  It shouldn't do anything on a
line on its own -- in fact that should be a syntax error.  The behaviour
you're seeing sounds like something new: it isn't what sshd(8) describes
in the section on AUTHORIZED_KEYS FILE FORMAT.

This new behaviour sounds as if it could be quite useful for easing the
management of complicated authorised_keys files, but I'd have expected
some sort of notice somewhere.  I can't see anything relevant in the
release notes for OpenSSH for versions 5.0, 5.1, 5.3, 5.3, 5.4 or 5.5
[Eg. http://www.openssh.org/txt/release-5.4 -- 8.1-PRERELEASE has
OpenSSH 5.4p1 bundled].  Nor anything in any of the ssh(1),
ssh_config(1), sshd(8), sshd_config(8) man pages.

Maybe it's a bug, but one that has fortuitously useful effects.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
JID: matthew@infracaninophile.co.uk               Kent, CT11 9PW
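
The layout discussed in this message (a from= option placed at the start of the line for each key it restricts, as opposed to on a line of its own) can be checked mechanically. The following is an added example, not part of the original e-mail or of OpenSSH; the function names, the list of key types (protocol 2 only) and the sample file are assumptions constructed for illustration.

```python
import re

# Key algorithm names that may start the key field (assumed list, protocol 2 only).
KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}

def split_fields(line):
    """Split on whitespace, keeping double-quoted option values intact."""
    return re.findall(r'(?:[^\s"]|"(?:\\.|[^"\\])*")+', line)

def split_options(spec):
    """Split an options field on commas that are outside double quotes."""
    return re.findall(r'(?:[^,"]|"(?:\\.|[^"\\])*")+', spec)

def audit(text):
    """Return (lineno, status, detail) for every non-comment, non-blank line."""
    report = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = split_fields(line)
        options = ""
        if fields[0] not in KEY_TYPES:      # first field is an options list
            options, fields = fields[0], fields[1:]
        if len(fields) < 2 or fields[0] not in KEY_TYPES:
            report.append((n, "invalid", "options without a key on the same line"))
            continue
        froms = [o.split("=", 1)[1].strip('"') for o in split_options(options)
                 if o.lower().startswith("from=")]
        report.append((n, "restricted" if froms else "unrestricted",
                       ",".join(froms) or "any host"))
    return report

# Constructed sample file; the key material is shortened and not a real key.
SAMPLE = '''\
# constructed sample
from="10.0.0.100"
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAconstructed1 dan@laptop
from="10.0.0.100,*.example.org" ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAconstructed2 backup@host
'''

if __name__ == "__main__":
    for entry in audit(SAMPLE):
        print(entry)
```

Line 2 of the sample is reported as invalid and line 3 as unrestricted, which makes visible that a from= on its own line does not attach to the key that follows it.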

