[Bug 1296] VerifyHostKeyDNS default domain

bugzilla-daemon at mindrot.org
Tue Mar 13 09:12:49 EST 2007


http://bugzilla.mindrot.org/show_bug.cgi?id=1296

           Summary: VerifyHostKeyDNS default domain
           Product: Portable OpenSSH
           Version: 4.3p2
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: dan at danrowles.com


When connecting to a host using ssh, if I enter the full DNS domain
name of the host, then ssh correctly finds the host key fingerprint in
DNS, and verifies that it is correct (e.g. "ssh server1.example.com").

If I try to ssh to a server by just entering the hostname (e.g. "ssh
server1") with no domain name (and my /etc/resolv.conf contains the
line "search example.com"), then ssh connects to the server correctly,
but it does NOT find the host key fingerprint in DNS.

Doing a tcpdump on port 53 reveals that ssh attempts to look up the
SSHFP entry in DNS without appending the default domain (even though it
appends the default domain when attempting to look up the A record for
the server).

Tested on Debian Sarge and Sid, on i686.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
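
The mismatch described in the report, as an added example that is not part of the original message or of OpenSSH's code: it expands a host name through the resolv.conf search list the way a search-aware address lookup does, and sets that beside the SSHFP query name the reporter observed (the name as typed). The sample resolv.conf, the nameserver address and all function names are constructed for illustration.

```python
# Constructed sample containing the "search example.com" line from the report.
RESOLV_CONF = """\
# constructed sample
nameserver 192.0.2.53
search example.com
"""

def parse_resolv_conf(text):
    """Return (search_domains, ndots) from resolv.conf text."""
    search, ndots = [], 1                      # resolver default for ndots is 1
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":  # blank line or comment
            continue
        if fields[0] in ("search", "domain"):
            search = fields[1:]                # the last search/domain line wins
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt.split(":", 1)[1])
    return search, ndots

def candidates(name, search, ndots):
    """Names a search-aware lookup tries, in order (resolv.conf(5) rules)."""
    if name.endswith("."):                     # already absolute: no search list
        return [name]
    absolute = name + "."
    expanded = [f"{name}.{d.rstrip('.')}." for d in search]
    if name.count(".") >= ndots:               # enough dots: try as-is first
        return [absolute] + expanded
    return expanded + [absolute]

def lookup_plan(name, resolv_conf=RESOLV_CONF):
    """Compare address-lookup names with the SSHFP name seen in the report."""
    search, ndots = parse_resolv_conf(resolv_conf)
    address_queries = candidates(name, search, ndots)
    # Behaviour reported in the bug: SSHFP is queried for the name as typed.
    sshfp_query = name if name.endswith(".") else name + "."
    return {
        "address_queries": address_queries,
        "sshfp_query": sshfp_query,
        # True when the SSHFP query misses the name the address lookup tries first
        "sshfp_skips_search": sshfp_query.lower() != address_queries[0].lower(),
    }

if __name__ == "__main__":
    for host in ("server1", "server1.example.com"):
        print(host, lookup_plan(host))
```

Hosts for which `sshfp_skips_search` is true are the ones where an SSHFP record published under the qualified name would not be consulted when the short name is typed.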

