[Bug 2747] New: Different notations for the same IP-address result in multiple entries in known_hosts
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue Jul 25 01:51:32 AEST 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2747
Bug ID: 2747
Summary: Different notations for the same IP-address result in
multiple entries in known_hosts
Product: Portable OpenSSH
Version: 7.5p1
Hardware: Other
OS: FreeBSD
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: mi+mindrot at aldan.algebra.com
When checking the known_hosts-database for an IP-address, the client is
not attempting to normalize the IP. For example, connecting to the
following destinations in sequence:
* 10.10.220.46
* 168483886
* 0xa0adc2e
* 0x0a0adc2e
* 0x00a0adc2e
* 0x000a0adc2e
triggers the "are you sure?" warning each time -- and a separate line
in the ~/.ssh/known_hosts for each -- with the same host-key, of
course.
To solve this, OpenSSH developers need to agree on the "canonical"
representation for IPv4 (and IPv6!) addresses. Then the client-side
needs to be modified to:
1. When looking up the host in the list, look for the canonical
representation first. If no entry is found, look for the few
other possible representations and, if found, quietly convert/merge
such entry(ies) into canonical.
2. When adding a new entry, always add it in the canonical form
regardless of the command-line.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list