[Bug 3235] New: pubkey auth with dns name in from= filter in authorized keys not working on ip6-only hosts from dual-stack hosts

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sat Nov 21 01:00:24 AEDT 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3235

            Bug ID: 3235
           Summary: pubkey auth with dns name in from= filter in
                    authorized keys not working on ip6-only hosts from
                    dual-stack hosts
           Product: Portable OpenSSH
           Version: 8.4p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: m_langbe at cs.uni-kl.de

Created attachment 3456
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3456&action=edit
example settings

In case the host is ip6 only, and the originating host has ip6+ip4,
with the dns entry containing the ip4 address before the ip6 address,
no match is recognized, and public-key authentication fails.

I may be a general problem with multi-address dns entries, where only
the first one is used to compare with the connecting ip.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list