[Bug 1296] VerifyHostKeyDNS default domain
bugzilla-daemon at mindrot.org
Tue Mar 13 09:12:49 EST 2007
http://bugzilla.mindrot.org/show_bug.cgi?id=1296
Summary: VerifyHostKeyDNS default domain
Product: Portable OpenSSH
Version: 4.3p2
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: bitbucket at mindrot.org
ReportedBy: dan at danrowles.com
When connecting to a host using ssh, if I enter the full DNS domain
name of the host, then ssh correctly finds the host key fingerprint in
DNS, and verifies that it is correct (e.g. "ssh server1.example.com").

If I try to ssh to a server by just entering the hostname (e.g. "ssh
server1") with no domain name (and my /etc/resolv.conf contains the
line "search example.com"), then ssh connects to the server correctly,
but it does NOT find the host key fingerprint in DNS.

Doing a tcpdump on port 53 reveals that ssh attempts to look up the
SSHFP entry in DNS without appending the default domain (even though it
appends the default domain when attempting to look up the A record for
the server).

Tested on Debian Sarge and Sid, on i686.
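Added example, not part of the bug report and not OpenSSH code: a Python sketch of the mismatch described above. It expands a short host name through the resolv.conf search list the way a stub resolver does for an address lookup, and flags the case where the SSHFP record exists only under the expanded name while the query uses the name as typed. The function names and the key bytes are constructed for illustration; the record format follows RFC 4255 (SHA-1 fingerprint, type 1).

```python
import base64
import hashlib
import struct

SSHFP_ALGO = {"ssh-rsa": 1, "ssh-dss": 2}  # RFC 4255 algorithm numbers

def parse_resolv_conf(text):
    """Return (search_list, ndots) from resolv.conf contents."""
    search, ndots = [], 1
    for raw in text.splitlines():
        fields = raw.split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] in ("search", "domain"):
            search = fields[1:]  # the last search/domain line wins
        elif fields[0] == "options":
            for opt in fields[1:]:
                if opt.startswith("ndots:"):
                    ndots = int(opt[6:])
    return search, ndots

def address_lookup_names(host, search, ndots=1):
    """Names a stub resolver tries, in order, for an address lookup."""
    if host.endswith("."):
        return [host.rstrip(".")]  # rooted name: search list is not applied
    expanded = [f"{host}.{d.rstrip('.')}" for d in search]
    return [host] + expanded if host.count(".") >= ndots else expanded + [host]

def sshfp_rr(owner, pubkey_line):
    """Format an SSHFP record (SHA-1 of the key blob) for a public key line."""
    keytype, b64 = pubkey_line.split()[:2]
    digest = hashlib.sha1(base64.b64decode(b64)).hexdigest()
    return f"{owner}. IN SSHFP {SSHFP_ALGO[keytype]} 1 {digest}"

def sshfp_missed(host, resolv_text, sshfp_owners):
    """True if a record exists for a name the address lookup reaches but not
    for the name as typed, which is the SSHFP query the report observed."""
    search, ndots = parse_resolv_conf(resolv_text)
    reachable = set(address_lookup_names(host, search, ndots))
    return host not in sshfp_owners and bool(reachable & set(sshfp_owners))

def constructed_rsa_line():
    """Build a well-formed ssh-rsa line from constructed bytes (not a real key)."""
    parts = [b"ssh-rsa", b"\x01\x00\x01", b"\x00" + bytes(range(1, 129))]
    blob = b"".join(struct.pack(">I", len(p)) + p for p in parts)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed@example"

if __name__ == "__main__":
    resolv = "search example.com\n"  # constructed, matches the report's setup
    print(address_lookup_names("server1", *parse_resolv_conf(resolv)))
    print(sshfp_rr("server1.example.com", constructed_rsa_line()))
    print(sshfp_missed("server1", resolv, ["server1.example.com"]))
```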