I kept seeing these messages:
Jun 12 04:09:18 nyi sshd[94523]: Authentication tried for dan with correct key but not from a permitted host (host=dbclone.example.org, ip=10.6.0.9). Jun 12 04:09:18 nyi sshd[94523]: Authentication tried for dan with correct key but not from a permitted host (host=dbclone.example.org, ip=10.6.0.9).
I’ve been seeing them for a long time. How long? Three years. I didn’t think it was that long. But back in July 2010 I mentioned it.
After being woken up at 2am this morning and not being able to get back to sleep, I checked email. I found that error message again in my logs. I investigated it again. I found my July 2010 post. And a fix referenced by a Debian bug report.
During this research, I noticed that RedHat just closes bugs for release X when release X is end-of-lifed. I can understand why, but bugs persist between releases.
I then wondered if this fix (revision 1.27 of openssh/auth2-pubkey.c) was in FreeBSD. It’s not in 8.2 or 8.3, but it’s in 9.0.
That nyi server mentioned above? It’s 8.2. The dbclone server connecting to it? That’s 8.2 as well. I think it’s time I upgraded both servers to 9.1.
Or maybe just install openssh-portable into base? Then this error will disappear :-)
That’s a good idea. Thank you. I’m not sure what I’ll do now…