[Bug 1489] New: ssh should normalize IP addresses before comparison
bugzilla-daemon at bugzilla.mindrot.org
Tue Jul 15 08:39:09 EST 2008
https://bugzilla.mindrot.org/show_bug.cgi?id=1489
Summary: ssh should normalize IP addresses before comparison
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.0p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: gst at sysfrog.org
When using the ssh command to log in to a host, ssh checks if the public
key of this host is already known. However, when given an IP address
instead of a hostname, ssh seems to do a string-based comparison of
this IP address with the already known addresses.
Example:
-------- 8< -------- 8< -------- 8< -------- 8< --------
[gst at nano ~]$ ssh 10.0.0.3
Enter passphrase for key '/home/example/.ssh/id_rsa':
---> The client already knows the public key
[gst at nano ~]$ ssh 10.00.0.3
The authenticity of host '10.00.0.3 (10.0.0.3)' can't be established.
RSA key fingerprint is 4f:ab:6e:8a:0b:02:d0:32:18:a1:1c:00:2b:5c:f8:bd.
Are you sure you want to continue connecting (yes/no)?
---> Another format for the same IP, the client does not recognize the IP
-------- 8< -------- 8< -------- 8< -------- 8< --------
One scenario where this could, for example, lead to a security problem
would be if:
* An attacker sets up a man-in-the-middle attack
* The attacker somehow tricks someone into connecting to the host using a
slightly modified IP address
It seems that "CheckHostIP" does NOT help in the above scenario. I did
not look into this further, but maybe ssh does not do the additional
check of the host's IP if an IP is given as argument.
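The mismatch described in the report, as an added example that is not part of the original bug report and is not OpenSSH code: a string lookup beside a lookup that canonicalises IPv4 literals first. It goes beyond the single 10.00.0.3 case and follows the classic inet_aton(3) numbers-and-dots rules (one to four parts, each decimal, octal or hex, the last part filling the remaining bytes); the `known` list and the function names `canon_ipv4` and `lookup` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed host names standing in for known_hosts entries (keys omitted). */
static const char *known[] = { "10.0.0.3", "build.example.org" };

/* Canonicalise an IPv4 literal by inet_aton(3) rules; -1 if `in` is not one. */
int canon_ipv4(const char *in, char *out, size_t outlen)
{
    unsigned long v, addr = 0;
    char *end;
    for (int n = 0; n < 4; n++, in = end + 1) {
        if (*in < '0' || *in > '9')
            return -1;
        v = strtoul(in, &end, 0);       /* base 0: decimal, 0 octal, 0x hex */
        if (*end == '\0') {             /* last part fills the remaining bytes */
            if (v > (0xffffffffUL >> (8 * n)))
                return -1;
            addr |= v;
            int len = snprintf(out, outlen, "%lu.%lu.%lu.%lu", addr >> 24,
                               (addr >> 16) & 255, (addr >> 8) & 255, addr & 255);
            return (len > 0 && (size_t)len < outlen) ? 0 : -1;
        }
        if (*end != '.' || v > 255)
            return -1;
        addr |= v << (24 - 8 * n);
    }
    return -1;                          /* more than four parts */
}

/* Look host up by string; with normalize set, canonicalise IPv4 literals first. */
int lookup(const char *host, int normalize)
{
    char buf[16];
    if (normalize && canon_ipv4(host, buf, sizeof buf) == 0)
        host = buf;
    for (size_t i = 0; i < sizeof known / sizeof known[0]; i++)
        if (strcmp(known[i], host) == 0)
            return 1;
    return 0;
}

int main(void)
{
    const char *in[] = { "10.0.0.3", "10.00.0.3", "0x0a.0.0.3", "10.3", "010.0.0.3" };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("%-10s string=%d normalized=%d\n", in[i], lookup(in[i], 0), lookup(in[i], 1));
    return 0;
}
```

A leading zero means octal under these rules, so `010.0.0.3` canonicalises to 8.0.0.3 and correctly does not match the entry for 10.0.0.3.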