| Summary: | pubkey auth with dns name in from= filter in authorized keys not working on ip6-only hosts from dual-stack hosts | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Max Langbein <m_langbe> | ||||
| Component: | sshd | Assignee: | Assigned to nobody <unassigned-bugs> | ||||
| Status: | CLOSED INVALID | ||||||
| Severity: | minor | CC: | djm | ||||
| Priority: | P5 | ||||||
| Version: | 8.0p1 | ||||||
| Hardware: | amd64 | ||||||
| OS: | Linux | ||||||
| Attachments: |
|
||||||
Does the ssh server in this case have UseDNS enabled? It's not on by default. You are right. Sorry for wasting your time, however, you helped me finding my bug , so thank you very much :-) close bugs that were resolved in OpenSSH 8.5 release cycle |
Created attachment 3456 [details] example settings In case the host is ip6 only, and the originating host has ip6+ip4, with the dns entry containing the ip4 address before the ip6 address, no match is recognized, and public-key authentication fails. I may be a general problem with multi-address dns entries, where only the first one is used to compare with the connecting ip.