[Bug 1698317] Re: AllowUsers *@*.local in /etc/ssh/sshd_config does not work
Trent Lloyd
trent.lloyd at canonical.com
Sat Jul 1 08:17:49 UTC 2017
Likely the reason this doesn't work is because nss-mdns does not
resolve reverse DNS for IP addresses other than the link local range
(169.254.0.0/16). This is by design and per-spec.

So this will never work; you'll need to look at either:
(1) using the IP address range (according to the sshd_config man page you can use a CIDR range), or
(2) setting up a local real DNS zone synchronised with your DHCP server so that it sets up something like hostname.lan with matching reverse DNS.
** Changed in: openssh (Ubuntu)
Status: New => Invalid
** Changed in: avahi (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to avahi in Ubuntu.
https://bugs.launchpad.net/bugs/1698317
Title:
AllowUsers *@*.local in /etc/ssh/sshd_config does not work
Status in avahi package in Ubuntu:
Invalid
Status in openssh package in Ubuntu:
Invalid
Bug description:
I installed Ubuntu Mate 16.04 on two of my computers. The software has
been brought up to date to at least May 2017.
They are both on my local wifi network and should both be using Zeroconf/Avahi/Bonjour.
I have the same username on both machines.
I copied /usr/share/doc/avahi-daemon/examples/ssh.service
to /etc/avahi/services
$ sudo service avahi-daemon restart
I installed sshd on "faustino"
$ sudo apt-get install openssh-server
With the default /etc/ssh/sshd_config I can successfully ssh to faustino thus
$ ssh -v localhost /* from faustino */
$ ssh -v faustino.local /* from faustino */
$ ssh -v faustino.local /* from the other computer */
I modified /etc/ssh/sshd_config to add
LogLevel VERBOSE
PermitRootLogin no
AllowUsers *@*.local
$ sudo systemctl restart ssh
Now I get, for example
$ ssh faustino.local
username@faustino.local's password:
Permission denied, please try again.
That fails from the same machine, from another machine and if I try
ssh localhost. All those worked before I put those directives in.
I expected all attempts to ssh from .local addresses to work and all
others to fail.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/avahi/+bug/1698317/+subscriptions
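
Added example, not part of the original bug mail and not OpenSSH or nss-mdns code: a simplified Python model of how the HOST half of an AllowUsers USER@HOST entry is evaluated, showing why *@*.local rejects a client whose address has no reverse name while a CIDR entry accepts it. The addresses, the user name "alice" and the name table are constructed; negated patterns are not modelled.

```python
import ipaddress
import re

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
# Constructed sample data: addresses and names are illustrative only.
MDNS_NAMES = {"169.254.7.9": "faustino.local", "192.168.1.23": "faustino.local"}

def glob_match(pattern, text):
    """Match with the two wildcards sshd patterns use: '*' and '?'."""
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern.lower())
    return re.fullmatch(rx, text.lower()) is not None

def mdns_reverse(ip):
    """Model of the behaviour described in the reply: a reverse lookup is
    answered only for link-local addresses; everything else gets no name."""
    if ipaddress.ip_address(ip) in LINK_LOCAL:
        return MDNS_NAMES.get(ip)
    return None

def host_matches(host_pattern, client_ip, reverse_name):
    """HOST half of USER@HOST: CIDR is tested against the address; a wildcard
    is tested against the address text and, if one exists, the reverse name."""
    if "/" in host_pattern:
        try:
            net = ipaddress.ip_network(host_pattern, strict=False)
        except ValueError:
            return False  # malformed CIDR never matches
        return ipaddress.ip_address(client_ip) in net
    candidates = [client_ip] + ([reverse_name] if reverse_name else [])
    return any(glob_match(host_pattern, c) for c in candidates)

def allowed(user, client_ip, reverse_name, allow_users):
    """True if any AllowUsers entry admits this user from this client."""
    for entry in allow_users:
        user_pat, _, host_pat = entry.partition("@")
        if glob_match(user_pat, user) and (
                not host_pat or host_matches(host_pat, client_ip, reverse_name)):
            return True
    return False

if __name__ == "__main__":
    for ip in ("169.254.7.9", "192.168.1.23"):
        name = mdns_reverse(ip)
        print(ip, name, allowed("alice", ip, name, ["*@*.local"]),
              allowed("alice", ip, name, ["*@192.168.1.0/24"]))
```

The same model covers option (2) from the reply: once a real DNS zone supplies a reverse name such as faustino.lan, an entry like *@*.lan matches.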