Why does OpenSSH do a CNAME lookup when using IPv6 addresses?

Patrik Ek ek.patrik at gmail.com
Wed May 8 20:29:39 AEST 2024


When using later OpenSSH versions with IPv6, it appears as if OpenSSH
tries to do a CNAME lookup on the address and then warns that the
format is incorrect:

user1 at XXXX[12:18][home/user1/Desktop]$ ssh -V
OpenSSH_9.6p1, OpenSSL 3.1.5 30 Jan 2024
user1 at XXXX[12:18][home/user1/Desktop]$
/app/moshell/24.0f/moshell/commonjars/ssh.lin64
user at 2001:1:8100:a3::fe
ignoring bad CNAME "2001:1:8100:a3::fe" for host "2001:1:8100:a3::fe":
domain name "2001:1:8100:a3::fe" contains invalid characters
ssh: connect to host 2001:1:8100:a3::fe port 22: Connection refused
user1 at XXXX[12:18][home/user1/Desktop]$

Usernames, hostnames and IP addresses are replaced with other values.
It is apparently able to establish a connection with the destination,
even though port 22 is not in use. Does anyone know why OpenSSH treats
valid IPv6 addresses as CNAMEs and tries to do a DNS lookup on these?
Further, would it be possible for me to remove this behavior by
configuration?
BR
Patrik

