sshfp/ldns still having issues in 7.6

Jonathan Duncan jonathan at nacnud.com
Thu Jan 11 10:12:27 AEDT 2018


I have been running OpenSSH 7.4p1 for a while now. When I upgraded to 7.5 a
year or so ago I ran into the problem listed in this bug report:

Bug report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218472

The release notes for 7.6 indicate that the fix patch was
included: https://www.openssh.com/txt/release-7.6

I tried 7.6 and I still cannot connect without a prompt wondering if I am
really sure.

-----------------

7.4p1

debug1: Server host key: ecdsa-sha2-nistp256 SHA256:<snip>
debug3: verify_host_key_dns
debug2: ldns: got 1 answers from DNS
debug1: found 1 secure fingerprints in DNS
debug1: matching host key fingerprint found in DNS
debug1: Next authentication method: publickey
debug1: Offering RSA public key: ~/.ssh/id_rsa
debug1: Server accepts key: pkalg rsa-sha2-512 blen 535
debug1: Authentication succeeded (publickey).
-----------------

7.6p1

debug1: Server host key: ecdsa-sha2-nistp256 SHA256:<snip>
debug3: verify_host_key_dns
debug1: found 1 insecure fingerprints in DNS
debug1: matching host key fingerprint found in DNS
debug3: hostkeys_foreach: reading file "~/.ssh/known_hosts"
debug3: hostkeys_foreach: reading file "~/.ssh/known_hosts"
The authenticity of host 'host.domain.com (1.2.3.4)' can't be established.
ECDSA key fingerprint is SHA256:<snip>.
Matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)? ^C
-----------------

The system I am testing on is running macOS 10.13.2 (High Sierra). Others
in my office are getting the same problem and running a similar setup
(though some are running macOS 10.12)

Is this a bug still or is there possibly something else at play here?

Is anyone else having the same problem? (Is anyone else using SSHFP/DNSSEC?)

Thanks,
Jonathan
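The debug lines above turn on one distinction: a fingerprint found in DNS is "secure" only when the answer came back DNSSEC-authenticated (the resolver set the AD bit), and only a secure match is accepted without the "Are you sure" prompt; an "insecure" match still produces the prompt with the "Matching host key fingerprint found in DNS." hint. The following is an added example, not code from the post or from OpenSSH's dns.c: it builds SSHFP records from a public key the way ssh-keygen -r does, matches a host key against them the way the client's verify_host_key_dns step does, and models the trust decision. The host name, the ed25519 key bytes and the records are constructed for the example.

```python
"""Added example: SSHFP generation, matching and the secure/insecure decision.
Illustrative code, not OpenSSH's own; host name, key and RRs are constructed."""
import base64
import hashlib
import struct

# SSHFP algorithm and fingerprint-type numbers (RFC 4255, RFC 6594, RFC 7479).
SSHFP_ALG = {
    "ssh-rsa": 1,
    "ssh-dss": 2,
    "ecdsa-sha2-nistp256": 3,
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
    "ssh-ed25519": 4,
}
SSHFP_HASH = {1: hashlib.sha1, 2: hashlib.sha256}


def ssh_string(b: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def pubkey_line_to_blob(line: str):
    """Split a known_hosts/authorized_keys style line into (keytype, raw key blob)."""
    keytype, b64 = line.split()[:2]
    blob = base64.b64decode(b64)
    # The blob begins with its own key type string; it must agree with the label.
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n].decode() != keytype:
        raise ValueError("key type label does not match key blob")
    return keytype, blob


def sshfp_records(hostname: str, line: str):
    """Produce the SHA-1 and SHA-256 SSHFP RRs for a key, in the form ssh-keygen -r prints."""
    keytype, blob = pubkey_line_to_blob(line)
    alg = SSHFP_ALG[keytype]
    return [
        f"{hostname} IN SSHFP {alg} {fptype} {h(blob).hexdigest()}"
        for fptype, h in SSHFP_HASH.items()
    ]


def parse_sshfp(rr: str):
    """Parse a presentation-format SSHFP RR into (alg, fptype, fingerprint bytes)."""
    fields = rr.split()
    i = fields.index("SSHFP")
    alg, fptype = int(fields[i + 1]), int(fields[i + 2])
    # dig may wrap a long fingerprint over several tokens; join them before decoding.
    fp = bytes.fromhex("".join(fields[i + 3:]))
    return alg, fptype, fp


def match_host_key(line: str, rrs) -> bool:
    """True if any RR has the key's algorithm and a hash of the blob equal to its fingerprint."""
    keytype, blob = pubkey_line_to_blob(line)
    for rr in rrs:
        alg, fptype, fp = parse_sshfp(rr)
        if alg != SSHFP_ALG[keytype] or fptype not in SSHFP_HASH:
            continue
        if SSHFP_HASH[fptype](blob).digest() == fp:
            return True
    return False


def host_key_decision(matched: bool, dnssec_secure: bool, verify_host_key_dns: str = "yes") -> str:
    """Model of the client's decision for an unknown host key:
    a match is trusted without a prompt only with VerifyHostKeyDNS=yes AND a
    DNSSEC-authenticated ("secure", AD bit set) answer; otherwise the user is asked."""
    if verify_host_key_dns == "no" or not matched:
        return "prompt"
    if verify_host_key_dns == "yes" and dnssec_secure:
        return "trust"
    return "prompt (Matching host key fingerprint found in DNS.)"


def constructed_pubkey_line(key_bytes: bytes) -> str:
    """Build a syntactically valid ssh-ed25519 public key line from 32 constructed bytes."""
    blob = ssh_string(b"ssh-ed25519") + ssh_string(key_bytes)
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " sample@example"


# Constructed sample data: the 32 key bytes are simply 1..32, not a real key.
SAMPLE_HOST = "host.domain.com."
SAMPLE_PUBKEY_LINE = constructed_pubkey_line(bytes(range(1, 33)))
SAMPLE_RRS = sshfp_records(SAMPLE_HOST, SAMPLE_PUBKEY_LINE)

if __name__ == "__main__":
    for rr in SAMPLE_RRS:
        print(rr)
    ok = match_host_key(SAMPLE_PUBKEY_LINE, SAMPLE_RRS)
    print("fingerprint match:", ok)
    print("AD bit set   ->", host_key_decision(ok, dnssec_secure=True))
    print("AD bit clear ->", host_key_decision(ok, dnssec_secure=False))
```

The practical check this suggests for the situation in the post: `ssh-keygen -r host.domain.com` on the server prints the RRs in the same form, and `dig +dnssec host.domain.com SSHFP` from the client shows whether the resolver the client is using returns the records with the `ad` flag set. Records that are correct but arrive without `ad` are exactly what ssh reports as "insecure fingerprints", and the prompt follows from that, not from a fingerprint mismatch.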

