[Bug 2074] New: Host key verification incorrectly handles IPv6 addresses
bugzilla-daemon at mindrot.org
Sat Feb 23 21:59:39 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=2074
Bug ID: 2074
Summary: Host key verification incorrectly handles IPv6 addresses
Classification: Unclassified
Product: Portable OpenSSH
Version: 6.1p1
Hardware: All
OS: Linux
Status: NEW
Keywords: needs-release-note
Severity: minor
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: tomaxuser at gmail.com
Host key verification does not handle different but equivalent
notations of an IPv6 address as one. This affects, but may not be
limited to, usage of ::.
Steps to reproduce:
1. ssh to ::1
2. confirm host key
3. cancel session
(3a. ssh to ::1 again to check that no verification is needed and host
is known)
4. ssh to ::0:1
5. host key confirmation needed
6. cancel session
7. ssh to 0:0:0:0:0:0:0:1
8. host key confirmation needed
9. cancel session
Expected result is that in steps 5 and 8 no confirmation is required
and ssh recognizes that the IP addresses are equivalent with the first
one (per http://tools.ietf.org/html/rfc5952#section-4).
Suggested solution is to canonicalize IPv6 addresses when comparing
them in host key verification.
This affects at least distribution 5.5p1 on Debian Squeeze and 6.1p1
built from source, but probably affects all OSes.
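The canonicalization the report suggests, as an added example that is not OpenSSH source and not part of the original report: IPv6 literals are compared by their 128-bit value instead of as strings, so ::1, ::0:1 and 0:0:0:0:0:0:0:1 resolve to the same stored entry. The function names and the `known[]` list are assumptions made for illustration; zone identifiers such as %eth0 are not handled.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Rewrite an IPv6 literal in one canonical text form by parsing it to its
 * 128-bit value and printing it back. Returns 0 on success, -1 otherwise. */
int canon_ipv6(const char *in, char *out, size_t outlen)
{
    struct in6_addr a;
    if (inet_pton(AF_INET6, in, &a) != 1)
        return -1;
    return inet_ntop(AF_INET6, &a, out, (socklen_t)outlen) != NULL ? 0 : -1;
}

/* Compare two host names: by value if both are IPv6 literals, else by string. */
int host_equal(const char *a, const char *b)
{
    struct in6_addr x, y;
    int a6 = inet_pton(AF_INET6, a, &x) == 1;
    int b6 = inet_pton(AF_INET6, b, &y) == 1;

    if (a6 && b6)
        return memcmp(&x, &y, sizeof(x)) == 0;
    return !a6 && !b6 && strcmp(a, b) == 0;
}

/* Constructed stand-in for the host names recorded in a known-hosts file. */
static const char *known[] = { "::1", "2001:db8::10", "example.test" };
#define NKNOWN (sizeof(known) / sizeof(known[0]))

/* Index of the matching entry, or -1. naive=1 is plain string comparison. */
int known_index(const char *host, int naive)
{
    for (size_t i = 0; i < NKNOWN; i++)
        if (naive ? strcmp(known[i], host) == 0 : host_equal(known[i], host))
            return (int)i;
    return -1;
}

int main(void)
{
    const char *tries[] = { "::1", "::0:1", "0:0:0:0:0:0:0:1" };
    for (size_t i = 0; i < 3; i++)
        printf("%-16s naive=%d by-value=%d\n", tries[i],
            known_index(tries[i], 1), known_index(tries[i], 0));
    return 0;
}
```

Where stored host names are hashed, value comparison is not possible, so the string produced by `canon_ipv6` would have to be the form that is hashed and looked up.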