[Bug 3643] New: order_hostkeyalgs can't find host-key in KnownHostsCommand if it contains port

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Dec 13 04:32:10 AEDT 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3643

            Bug ID: 3643
           Summary: order_hostkeyalgs can't find host-key in
                    KnownHostsCommand if it contains port
           Product: Portable OpenSSH
           Version: 9.5p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: glance+mindrot at ac2.se

I have a KnownHostsCommand which emits:
[targethost]:1234 ssh-rsa ...

ssh -vvv -o KnownHostsCommand=cmd -p 1234 targethost shows:
...
debug1: Authenticating to targethost:9022 as 'user'
debug3: put_host_port: [targethost]:9022
debug3: subprocess: KnownHostsCommand-ORDER command "cmd" running as
user (flags 0x1a)
debug3: subprocess: KnownHostsCommand-ORDER pid 12345
debug3: sigaction(Killed): Invalid argument
debug3: sigaction(Stopped (signal)): Invalid argument
debug3: sigaction(Unknown signal 32): Invalid argument
debug3: sigaction(Unknown signal 33): Invalid argument
debug3: order_hostkeyalgs: no algorithms matched; accept original


I've diagnosed this down to sshconnect2.c:142:
load_hostkeys_command(hostkeys, options.known_hosts_command,
                    "ORDER", cinfo, NULL, host);

It calls load_hostkeys_command with host, which in this context is just
targethost, and not hostname, which in this context will be
[targethost]:1234.

Right above the load_hostkeys_command call are the load_hostkeys calls,
which use hostname instead.


I'm guessing this is just a simple typo from development which caused
it to not work in the special case where one has a not preferred
ssh-host-key with a port in a KnownHostsCommand. If the ssh-host-key
the KnownHostsCommand emitted would be the preferred one, ssh-ed25519,
it would by accident, or if the default port was used.
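
The mismatch described in the report, as an added example that is not part of the original report and is not OpenSSH source code: a simplified exact-match lookup over a constructed KnownHostsCommand line, queried once with the bare host and once with the "[host]:port" form. The names host_port_name, find_keytype, lookup and sample_output are hypothetical.

```c
/* Added illustration: a simplified model, not OpenSSH source code. */
#include <stdio.h>
#include <string.h>

/* Naming rule behind the "put_host_port" debug line: a non-default port
 * is written as "[host]:port", port 0 or 22 as the bare host. */
static void host_port_name(const char *host, int port, char *out, size_t len)
{
    if (port <= 0 || port == 22)
        snprintf(out, len, "%s", host);
    else
        snprintf(out, len, "[%s]:%d", host, port);
}

/* Constructed KnownHostsCommand output, shaped like the line in the report. */
static const char *sample_output[] = {
    "[targethost]:1234 ssh-rsa AAAA-constructed-key-blob", NULL
};

/* Copy the key type of the first line whose host field equals `name`.
 * Assumption: exact match only (no hashed names, wildcards or lists). */
static int find_keytype(const char **lines, const char *name, char *type, size_t len)
{
    size_t n = strlen(name);
    for (; *lines != NULL; lines++) {
        if (strncmp(*lines, name, n) != 0 || (*lines)[n] != ' ')
            continue;
        const char *t = *lines + n + 1;
        snprintf(type, len, "%.*s", (int)strcspn(t, " "), t);
        return 1;
    }
    return 0;
}

/* with_port = 0 models a lookup by bare host (the ORDER call in the report);
 * with_port = 1 models a lookup by the "[host]:port" name. */
static int lookup(const char *host, int port, int with_port, char *type, size_t len)
{
    char name[256];
    host_port_name(host, with_port ? port : 0, name, sizeof(name));
    return find_keytype(sample_output, name, type, len);
}

int main(void)
{
    char type[64];
    printf("bare host:   %s\n", lookup("targethost", 1234, 0, type, sizeof(type)) ? type : "no match");
    printf("[host]:port: %s\n", lookup("targethost", 1234, 1, type, sizeof(type)) ? type : "no match");
    return 0;
}
```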
