Hi!

The change was possibly introduced in the latest release, with the
change from OpenSSH 6.7 to OpenSSH 7.4. OpenSSH 6.8 set the option
UseDNS to default "no":

> *  sshd(8): UseDNS now defaults to 'no'. Configurations that match
>    against the client host name (via sshd_config or authorized_keys)
>    may need to re-enable it or convert to matching against addresses.

Source: https://www.openssh.com/txt/release-6.8

Regards,
/peter

On 11.01.2018 at 17:44, Adam Weremczuk wrote:
> Hi all,
> 
> I recently performed a series of distro upgrades starting from 7.1
> landing at 9.2.
> 
> I have a script running on another 7.1 machine which was connecting fine
> to 7.1 but now it fails after reading authorized_keys file as below:
> 
> 11437 read(4, "from=\"*.example.com\" ssh-rsa AAAAXXXXXXXXXX"..., 4096) = 4096
> 11437 getpid()                          = 11437
> 11437 socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 8
> 11437 connect(8, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = 0
> 11437 sendto(8, "<38>Jan 11 16:21:32 sshd[11437]: Authentication tried for userx with correct key but not from a permitted host (host=192.168.XXX.XXX, ip=192.168.XXX.XXX)"..., 147, MSG_NOSIGNAL, NULL, 0) = 147
> 11437 close(8)
> 
> So I've tried -vvv from the source, DEBUG3 on the destination and the
> strace above, but can't see anything (such as a reverse DNS lookup) apart
> from this single error message.
> 
> Connection is established fine when I replace *.example.com with an IP
> address but that's not very scalable.
> 
> Can somebody possibly put me in the right direction?
> 
> Regards
> Adam Weremczuk
> 
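
An added example, not part of the thread: a small audit that lists `from=` patterns in an authorized_keys file that need a host name lookup and therefore cannot match while `UseDNS` is `no`, which is the failure in the log line above (host and ip are both the address). The function names, the address-pattern heuristic and all sample lines except the first are assumptions made for illustration.

```python
import ipaddress
import re

# Options field: everything before the first unquoted whitespace.
OPTS_RE = re.compile(r'(?:[^\s"]|"(?:[^"\\]|\\.)*")+')
FROM_RE = re.compile(r'(?:^|,)from="((?:[^"\\]|\\.)*)"')
# Wildcarded IPv4 / IPv6 address patterns such as 192.168.1.* or fe80:*
ADDR_GLOB_RE = re.compile(r'[0-9.*?]+|[0-9A-Fa-f.*?]*:[0-9A-Fa-f:.*?]*')

def from_patterns(line):
    """Return the patterns listed in a key line's from="..." option."""
    opts = OPTS_RE.match(line)
    m = FROM_RE.search(opts.group(0)) if opts else None
    return m.group(1).split(",") if m else []

def is_address_pattern(pat):
    """True if the pattern can match a bare IP address (heuristic)."""
    pat = pat.lstrip("!")                        # negated pattern
    try:
        ipaddress.ip_network(pat, strict=False)  # plain address or CIDR
        return True
    except ValueError:
        return ADDR_GLOB_RE.fullmatch(pat) is not None

def audit(lines, use_dns=False):
    """List (line number, pattern) pairs that rely on a host name lookup."""
    findings = []
    for n, line in enumerate(lines, 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        for pat in from_patterns(line):
            if not use_dns and not is_address_pattern(pat):
                findings.append((n, pat))
    return findings

# Constructed sample; the first entry is the one quoted in the thread.
SAMPLE = [
    'from="*.example.com" ssh-rsa AAAAXXXXXXXXXX userx@client',
    'from="192.168.1.0/24,!192.168.1.7" ssh-ed25519 AAAACONSTRUCTED a@b',
    'command="/usr/bin/backup",from="10.0.*,backup.example.com" ssh-rsa AAAACONSTRUCTED c@d',
    'ssh-ed25519 AAAACONSTRUCTED e@f',
]

if __name__ == "__main__":
    for n, pat in audit(SAMPLE):
        print(f"line {n}: from pattern {pat!r} cannot match while UseDNS is no")
```

Entries it reports either need `UseDNS yes` in sshd_config or a conversion to address or CIDR patterns, as the release note says.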
