sshfp/ldns still having issues in 7.6
Jonathan Duncan
jonathan at nacnud.com
Fri Jan 12 06:04:10 AEDT 2018
On Thu, Jan 11, 2018 at 3:39 AM, Darren Tucker <dtucker at dtucker.net> wrote:
> On 11 January 2018 at 07:12, Jonathan Duncan <jonathan at nacnud.com> wrote:
> > I have been running OpenSSH 7.4p1 for a while now. When I upgraded to 7.5 a
> > year or so ago I ran into the problem listed in this bug report:
>
> Upgraded how? Built yourself? Configured with which options and
> which version of LDNS?
>
I am on a Mac using Homebrew for package management.
> > 7.4p1
> > debug2: ldns: got 1 answers from DNS
>
> Note the "ldns:" line. This one is built with LDNS.
>
Noted
> > 7.6p1
> >
> > debug3: verify_host_key_dns
>
> Note the lack of the ldns: line. I suspect this one is not built with
> LDNS. You can confirm this with ldd, you should see something like:
>
Good catch. You are correct. Apparently the current versions have removed
the ldns option due to a version conflict with openssl at 1.1.
ldd does not apply here since I am using Homebrew. Though building my own
from source is certainly an option.
> I suspect it's something else. I'd check config.h and your build logs
> to make sure LDNS was actually enabled as you expect.
>
Yes, it is something else. Thank you for the assistance. I will take it
from here.
> > Is anyone else having the same problem? (Is anyone else using SSHFP/DNSSEC?)
>
> I just set up DNSSEC for my domain and built 7.6p1 with LDNS 1.7.0 and
> it worked.
>
I am glad to hear it! At my office we quite enjoy the benefits of DNSSEC.
Cheers!