Bug#869903: regression: putting an hostname in authorized_keys from="" field does not work anymore in stretch
Package: openssh-server
Version: 1:7.4p1-10+deb9u1
Severity: normal
Dear Maintainer,
I used the 'from' field in authorized_keys with an hostname (fqdn) on
Debian 8 (jessie), which worked fine (openssh-server
1:6.7p1-5+deb8u3). After upgrading the server to stretch, this does
not work anymore. Putting an IP address in this field works however.
This also does not work with current openssh-server in sid
(1:7.5p1-5). In every case it was a hostname correctly resolvable by
DNS, forward and backwards to one IPv4 address. Client has still been
on jessie in both cases.
The log message on the ssh server when failing is more or less
misleading:
Jul 27 13:39:16 susan sshd[9562]: Authentication tried for alex with correct key but not from a permitted host (host=192.168.243.98, ip=192.168.243.98).
Greets
Alex
-- System Information:
Debian Release: 9.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Kernel: Linux 4.9.0-3-686-pae (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages openssh-server depends on:
ii adduser 3.115
ii debconf [debconf-2.0] 1.5.61
ii dpkg 1.18.24
ii init-system-helpers 1.48
ii libaudit1 1:2.6.7-2
ii libc6 2.24-11+deb9u1
ii libcomerr2 1.43.4-2
ii libgssapi-krb5-2 1.15-1
ii libkrb5-3 1.15-1
ii libpam-modules 1.1.8-3.6
ii libpam-runtime 1.1.8-3.6
ii libpam0g 1.1.8-3.6
ii libselinux1 2.6-3+b1
ii libssl1.0.2 1.0.2l-2
ii libsystemd0 232-25+deb9u1
ii libwrap0 7.6.q-26
ii lsb-base 9.20161125
ii openssh-client 1:7.4p1-10+deb9u1
ii openssh-sftp-server 1:7.4p1-10+deb9u1
ii procps 2:3.3.12-3
ii ucf 3.0036
ii zlib1g 1:1.2.8.dfsg-5
Versions of packages openssh-server recommends:
ii libpam-systemd 232-25+deb9u1
ii ncurses-term 6.0+20161126-1
ii xauth 1:1.0.9-1+b2
Versions of packages openssh-server suggests:
ii molly-guard 0.6.4
pn monkeysphere <none>
pn rssh <none>
pn ssh-askpass <none>
pn ufw <none>
-- debconf information:
ssh/new_config: true
* ssh/vulnerable_host_keys:
ssh/encrypted_host_key_but_no_keygen:
* ssh/use_old_init_script: true
openssh-server/permit-root-login: true
ssh/disable_cr_auth: false
Reply to: