https://bugzilla.mindrot.org/show_bug.cgi?id=3507
--- Comment #8 from Darren Tucker <[email protected]> --- (In reply to Thomas Koeller from comment #5) > (In reply to Darren Tucker from comment #3) > > Also, what's in sshd_config? Unless you have your DNS forward and > > reverse exactly right, you probably want > > "HostbasedUsesNameFromPacketOnly yes" in sshd_config. > > Attaching the sever configuration. > > Here is the result of a forward/reverse lookup of the host name in > used, I think that should be o.k.? Hard to tell from here but I don't see anything obvious. Setting HostbasedUsesNameFromPacketOnly would remove name resolution as a variable, though. I note from the logs that this is a vendor-modified version of OpenSSH 8.8. Can you reproduce the problem with a current version of stock openssh from openssh.com? There were a couple of fixes to hostbased in 8.9, but I think only RSA keys were affected and you're not using those: * ssh(1): unbreak hostbased auth using RSA keys. Allow ssh(1) to select RSA keys when only RSA/SHA2 signature algorithms are configured (this is the default case). Previously RSA keys were not being considered in the default case. * ssh-keysign(1): make ssh-keysign use the requested signature algorithm and not the default for the key type. Part of unbreaking hostbased auth for RSA/SHA2 keys. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
