[Bug 1248] bug with HostbasedUsesNameFromPacketOnly

bugzilla-daemon at mindrot.org
Thu Oct 5 07:54:30 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=1248

           Summary: bug with HostbasedUsesNameFromPacketOnly
           Product: Portable OpenSSH
           Version: 4.4p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: res at qoxp.net


The server-side hostbased authentication logic strips any trailing dot
from the hostname supplied in the authentication request, which makes
sense because no one will enter hostnames with trailing dots in their
known-hosts lists.

The option HostbasedUsesNameFromPacketOnly has sshd skip checking the
reverse-lookup name of the client IP address against the
client-supplied hostname.  However, the current code also skips
removing the trailing dot, the result of which is that hostbased
authentication fails completely, unless you go and add dots to all your
hostnames in the known-hosts file.

I am including a patch to fix this behavior.
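
The behaviour described in this report, as an added example: a simplified model written for illustration, not OpenSSH's code and not the reporter's patch. The function names, the `strip_always` switch, the constructed host names, and treating a reverse-lookup mismatch as a failure are all assumptions of the model.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed known-hosts names, stored without trailing dots. */
static const char *known_hosts[] = { "client.example.org", "build.example.org" };

/* Drop a single trailing dot from a hostname, in place. */
static void strip_trailing_dot(char *name)
{
    size_t len = strlen(name);
    if (len > 0 && name[len - 1] == '.')
        name[len - 1] = '\0';
}

static int in_known_hosts(const char *name)
{
    for (size_t i = 0; i < sizeof(known_hosts) / sizeof(known_hosts[0]); i++)
        if (strcasecmp(known_hosts[i], name) == 0)
            return 1;
    return 0;
}

/* chost: name from the authentication request; resolved: reverse-lookup
 * name of the client address. strip_always = 0 models the reported
 * behaviour, 1 models the fix. Returns 1 if the chosen name is known. */
static int hostbased_name_ok(const char *chost, const char *resolved,
                             int name_from_packet_only, int strip_always)
{
    char buf[256];

    snprintf(buf, sizeof(buf), "%s", chost);
    if (strip_always)
        strip_trailing_dot(buf);
    if (name_from_packet_only)
        return in_known_hosts(buf);     /* reverse-lookup check skipped */
    strip_trailing_dot(buf);            /* only this path strips when strip_always == 0 */
    if (strcasecmp(buf, resolved) != 0) /* assumption: mismatch is a failure here */
        return 0;
    return in_known_hosts(resolved);
}

int main(void)
{
    const char *chost = "client.example.org.", *resolved = "client.example.org";
    printf("packet-only, reported: %d\n", hostbased_name_ok(chost, resolved, 1, 0));
    printf("packet-only, fixed:    %d\n", hostbased_name_ok(chost, resolved, 1, 1));
    printf("default path:          %d\n", hostbased_name_ok(chost, resolved, 0, 0));
    return 0;
}
```

With the dot stripped on both paths, the packet-only mode matches the same dot-free known-hosts entries as the default mode.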



