host key for IPv6 not in known_hosts message

Ángel González keisial at gmail.com
Sun Feb 21 10:16:26 AEDT 2016


On 19/02/16 01:43, Michael Gebhard wrote:
> Hello,
>
> I have a server whose public key associated with its domain name and IPv4 address
> is in my known_hosts, I also have set the StrictHostKeyChecking option.
>
> When trying to connect via IPv6 ssh prints:
> RSA host key for IP address [...] not in list of known hosts.
> and asks for my private key passphrase.
>
> When trying to connect via IPv6 with the IPv6 address associated with
> the server's public key in my known_hosts,
> ssh asks for my passphrase and connects normally.
>
> When trying to connect via IPv6 with the public key removed from my known_hosts
> ssh refuses to connect.
>
> The message "RSA host key for IP..." implies that the public key is missing
> yet ssh neither prompts the fingerprint (without StrictHostKeyChecking)
> nor refuses to connect (with StrictHostKeyChecking)
> nor does it mention that the key is there just not associated with the
> shown IP address.

You are trying to connect by name, right? Then this is the normal 
behavior, and the same as it does with IPv4.
You want to connect to server (e.g. mindrot.org), the public key 
presented by the host matches the one it has stored for mindrot.org. 
Thus, it is the right server, even if the IP wasn't seen before.
OTOH if the public key was in the file but associated to a different 
hostname, it would be incorrect to proceed, and you will find that in 
such case openssh will complain and prompt with the fingerprint / refuse 
to connect.

Regards
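
Added example, not part of the original message and not OpenSSH code: a simplified Python model of the lookup described in the reply above, where the host name and the IP address are checked against known_hosts separately. It assumes CheckHostIP is enabled; the host name, addresses and key blobs are constructed, and the function names are hypothetical.

```python
# Added example: simplified model of the known_hosts decision, not OpenSSH code.
# Ignores hashed names, wildcards, @markers and [host]:port entries.

# Constructed sample file; key blobs are placeholders, not real keys.
KNOWN_HOSTS = """\
# constructed sample
example.org,192.0.2.10 ssh-rsa CONSTRUCTED_KEY_A
"""

def parse_known_hosts(text):
    """Return [(names, keytype, blob)] for plain (unhashed) entries."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0][0] in "#|@":
            continue  # comments, hashed names, @cert-authority/@revoked
        entries.append((set(fields[0].split(",")), fields[1], fields[2]))
    return entries

def lookup(entries, name, keytype, blob):
    """'ok': name listed with this key; 'changed': listed with another
    key of the same type; 'new': name not listed for this key type."""
    status = "new"
    for names, ktype, kblob in entries:
        if name in names and ktype == keytype:
            if kblob == blob:
                return "ok"
            status = "changed"
    return status

def check(entries, hostname, ip, keytype, blob, strict=True):
    """Model a connect-by-name with CheckHostIP on (assumed).
    strict=True models StrictHostKeyChecking=yes, False models 'ask'."""
    host = lookup(entries, hostname, keytype, blob)
    ipst = lookup(entries, ip, keytype, blob)
    if host == "changed":
        return ("refuse", "host key changed")
    if host == "new":  # key may exist under another name; that does not count
        return ("refuse" if strict else "prompt", "unknown host")
    if ipst == "changed":
        return ("refuse" if strict else "prompt", "IP has a different key")
    if ipst == "new":
        return ("connect", "host key for IP address not in known hosts")
    return ("connect", "host and IP both match")
```

Connecting to example.org over the constructed IPv6 address 2001:db8::10 yields the "connect" decision with the IP notice, which is the case the original poster observed.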



More information about the openssh-unix-dev mailing list