ssh key from field

In authorized key, if we put from option, only the listed host can come to this host. Even if we put the private key in different location, only
host1, host2 and host3 can come from my example? Is this host based access control?

    The sshd server can globally limit which hosts can connect to this machine by using TCP Wrappers, but cannot act on a host-user level. Using the from option, you can allow a given identity to be used only from specific hosts. Hosts are separated by commas, may contain wildcards "*" and "?", or may disallow hosts that are prefixed with "!". As an example, you may have

Who is Participating?
arnoldConnect With a Mentor Commented:
tcp_wrapper will reject the connection.
The from="" entry deals with whether the keys can be used depending on the from="" rule.
It might rely on the setting within sshd_config for VerifyHostKeyDNS
If the key can not be applied/provided the interactive login will be the fallthrough position.
mokkanAuthor Commented:
Also, do we need to do anything with tcp_wrapper?
mokkanAuthor Commented:
Does this from field  option work with tcp_wrapper functionality ?
arnoldConnect With a Mentor Commented:
The two are two separate things.
tcp_wrappers are used by sshd based on the /etc/hosts.deny /etc/hosts.allow list for the various application on whether the connection should be accepted or rejected.
i.e. you have hosts.deny SSHD:
if a user on system tries to ssh to the system, the connection will be refused by sshd.

the from= line within the authorized_keys* seems to deal with whether publickey authentication is permitted from this location.
i.e. lets say all your users have a company laptop and their ssh identity keys are stored on servers for quick logins. The users do not have/know their passwords. You add this entry to prevent the users from accessing the systems when they are outside the LAN.
mokkanAuthor Commented:
thank you
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.