Hi!
The change was possibly introduced in the latest release, with the
change from OpenSSH 6.7 to OpenSSH 7.4. OpenSSH 6.8 set the option
UseDNS to default "no":
> * sshd(8): UseDNS now defaults to 'no'. Configurations that match
> against the client host name (via sshd_config or authorized_keys)
> may need to re-enable it or convert to matching against addresses.
Source: https://www.openssh.com/txt/release-6.8
Regards,
/peter
On 11.01.2018 at 17:44, Adam Weremczuk wrote:
> Hi all,
>
> I recently performed a series of distro upgrades starting from 7.1
> landing at 9.2.
>
> I have a script running on another 7.1 machine which was connecting fine
> to 7.1 but now it fails after reading authorized_keys file as below:
>
> 11437 read(4, "from=\"*.example.com\" ssh-rsa AAAAXXXXXXXXXX"..., 4096)
> = 4096
> 11437 getpid() = 11437
> 11437 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 8
> 11437 connect(8, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = 0
> 11437 sendto(8, "<38>Jan 11 16:21:32 sshd[11437]: Authentication tried
> for userx with correct key but not from a permitted host
> (host=192.168.XXX.XXX, ip=192.168.XXX.XXX)"..., 147, MSG_NOSIGNAL, NULL,
> 0) = 147
> 11437 close(8)
>
> So I've tried, -vvv from the source, DEBUG3 on the destination and the
> strace above but can't see anything (such as reversed DNS lookup) apart
> from this single error message.
>
> Connection is established fine when I replace *.example.com with an IP
> address but that's not very scalable.
>
> Can somebody possibly put me in the right direction?
>
> Regards
> Adam Weremczuk
>
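
An added example, not part of either message: a Python check that lists the `from=` patterns in an authorized_keys file that match on host names rather than addresses, which are the entries affected by the UseDNS default quoted above. The sample file contents, the function names and the address-versus-name heuristic are assumptions of this example.

```python
import ipaddress
import re

KEY_TYPE = re.compile(r"^(ssh-|ecdsa-|sk-)")
FROM_OPT = re.compile(r'(?:^|,)from="((?:[^"\\]|\\.)*)"', re.IGNORECASE)

def options_field(line):
    """Return the leading options field of an authorized_keys line, or ''."""
    line = line.strip()
    if not line or line.startswith("#") or KEY_TYPE.match(line):
        return ""  # blank, comment, or a key with no options in front of it
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            in_quotes = not in_quotes
        elif ch in " \t" and not in_quotes:
            return line[:i]  # options end at the first unquoted whitespace
    return ""

def is_address_pattern(pat):
    """True for IPs, CIDR blocks and wildcards made only of address characters."""
    pat = pat.lstrip("!")  # a leading '!' negates the pattern
    try:
        ipaddress.ip_network(pat, strict=False)
        return True
    except ValueError:
        if ":" in pat:  # IPv6 wildcard such as 2001:db8::*
            return bool(re.fullmatch(r"[0-9A-Fa-f:.*?]+", pat))
        return bool(re.fullmatch(r"[0-9.*?]+", pat))  # IPv4 wildcard such as 192.168.*

def hostname_patterns(text):
    """Return (line_no, pattern) for from= entries that need a resolved host name."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        m = FROM_OPT.search(options_field(line))
        for pat in (m.group(1).split(",") if m else []):
            if pat and not is_address_pattern(pat):
                findings.append((no, pat))
    return findings

# Constructed sample input; key material is a placeholder.
SAMPLE = '''\
from="*.example.com" ssh-rsa AAAAXXXXXXXXXX userx@client
from="192.168.10.0/24,10.1.2.3" ssh-ed25519 AAAAXXXXXXXXXX backup
command="/usr/bin/true",from="192.168.*,!gw.example.com" ssh-rsa AAAAXXXXXXXXXX job
ssh-rsa AAAAXXXXXXXXXX from="not-an-option.example.com"
'''
if __name__ == "__main__":
    for no, pat in hostname_patterns(SAMPLE):
        print(f"line {no}: {pat!r} only matches a resolved host name")
```

Each reported pattern has to be converted to an address or CIDR form, or UseDNS re-enabled in sshd_config, as the release note says.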