[Bug 2747] New: Different notations for the same IP-address result in multiple entries in known_hosts

bugzilla-daemon at bugzilla.mindrot.org
Tue Jul 25 01:51:32 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2747

            Bug ID: 2747
           Summary: Different notations for the same IP-address result in
                    multiple entries in known_hosts
           Product: Portable OpenSSH
           Version: 7.5p1
          Hardware: Other
                OS: FreeBSD
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: mi+mindrot at aldan.algebra.com

When checking the known_hosts-database for an IP-address, the client is
not attempting to normalize the IP. For example, connecting to the
following destinations in sequence:

 * 10.10.220.46
 * 168483886
 * 0xa0adc2e
 * 0x0a0adc2e
 * 0x00a0adc2e
 * 0x000a0adc2e

triggers the "are you sure?" warning each time -- and a separate line
in the ~/.ssh/known_hosts for each -- with the same host-key, of
course.

To solve this, OpenSSH developers need to agree on the "canonical"
representation for IPv4 (and IPv6!) addresses. Then the client-side
needs to be modified to:

 1. When looking up the host in the list, look for the canonical
    representation first. If no entry is found, look for the few
    other possible representations and, if found, quietly convert/merge
    such entry(ies) into canonical.
 2. When adding a new entry, always add it in the canonical form
    regardless of the command-line.

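The normalization step the report asks for, sketched as an added example (not part of the original report and not OpenSSH code). It assumes dotted quad as the canonical IPv4 form, covers IPv4 only, and the function names `parse_ipv4_lenient` and `canonical_ipv4` are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example, hypothetical names. Parses IPv4 text the lenient
 * inet_aton() way: 1-4 dot-separated parts, each decimal, octal (0...) or
 * hex (0x...); the last part fills all remaining low-order bytes. */
int parse_ipv4_lenient(const char *s, uint32_t *out)
{
    unsigned long parts[4], addr = 0;
    int n = 0;
    for (;;) {
        char *end;
        if (*s < '0' || *s > '9') return -1;   /* no sign, space, empty part */
        errno = 0;
        parts[n] = strtoul(s, &end, 0);        /* base 0: 10, 012, 0xa */
        if (errno != 0 || parts[n] > 0xffffffffUL) return -1;
        n++;
        if (*end == '\0') break;
        if (*end != '.' || n == 4) return -1;  /* junk, or a fifth part */
        s = end + 1;
    }
    for (int i = 0; i < n - 1; i++) {          /* leading parts: one byte each */
        if (parts[i] > 0xff) return -1;
        addr |= parts[i] << (24 - 8 * i);
    }
    if (parts[n - 1] > (0xffffffffUL >> (8 * (n - 1)))) return -1;
    *out = (uint32_t)(addr | parts[n - 1]);    /* host byte order */
    return 0;
}

/* Assumption of this example: dotted quad is the canonical form. */
int canonical_ipv4(const char *s, char *buf, size_t len)
{
    uint32_t a;
    if (parse_ipv4_lenient(s, &a) != 0) return -1;
    snprintf(buf, len, "%u.%u.%u.%u", (unsigned)(a >> 24),
             (unsigned)(a >> 16 & 0xff), (unsigned)(a >> 8 & 0xff),
             (unsigned)(a & 0xff));
    return 0;
}

int main(void)
{
    const char *in[] = { "10.10.220.46", "168483886", "0xa0adc2e" };
    char buf[16];
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("%s -> %s\n", in[i], canonical_ipv4(in[i], buf, sizeof buf) ? "invalid" : buf);
}
```

Under these parsing rules a leading zero selects octal, so `010.10.220.46` canonicalizes to `8.10.220.46`, not `10.10.220.46`.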