On 2017-07-27 10:13 AM, Alexander Dahl wrote: > Package: openssh-server > Version: 1:7.4p1-10+deb9u1 > Severity: normal > > Dear Maintainer, > > I used the 'from' field in authorized_keys with an hostname (fqdn) on > Debian 8 (jessie), which worked fine (openssh-server > 1:6.7p1-5+deb8u3). After upgrading the server to stretch, this does > not work anymore. Putting an IP address in this field works however. > This also does not work with current openssh-server in sid > (1:7.5p1-5). In every case it was a hostname correctly resolvable by > DNS, forward and backwards to one IPv4 address. Client has still been > on jessie in both cases. > > The log message on the ssh server when failing is more or less > misleading: > > Jul 27 13:39:16 susan sshd[9562]: Authentication tried for alex with correct > key but not from a permitted host (host=192.168.243.98, ip=192.168.243.98).
The UseDNS directive was switched to "no" in OpenSSH 6.8 [1]: * sshd(8): UseDNS now defaults to 'no'. Configurations that match against the client host name (via sshd_config or authorized_keys) may need to re-enable it or convert to matching against addresses. HTH, Simon 1: https://www.openssh.com/txt/release-6.8
