[Bug 1296] VerifyHostKeyDNS default domain

bugzilla-daemon at bugzilla.mindrot.org
Thu Nov 4 11:52:08 EST 2010


https://bugzilla.mindrot.org/show_bug.cgi?id=1296

Karl P <barnaclebob at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |barnaclebob at gmail.com
            Version|5.1p1                       |5.6p1
             Status|CLOSED                      |REOPENED
         Resolution|FIXED                       |

--- Comment #4 from Karl P <barnaclebob at gmail.com> 2010-11-04 11:52:08 EST ---
While the comment says this bug is fixed, the commenter did not
provide any other info, so I cannot verify why this problem still exists
in 5.6p1.

Here is some output:

karl at slap1:~$ cat /etc/resolv.conf 
domain corp.example.com
search corp.example.com
nameserver 10.13.0.133
options edns0

karl at slap1:~/openssh-5.6p1$ /nail/home/karl/ssh/bin/ssh -vvv -o
VerifyHostKeyDNS=yes dsectest.corp.example.com
OpenSSH_5.6p1, OpenSSL 0.9.8k 25 Mar 2009
<snip>
debug2: ssh_connect: needpriv 0
debug1: Connecting to dsectest.corp.example.com [10.13.0.133] port 22.
debug1: Connection established.
<snip>
debug1: Remote protocol version 2.0, remote software version
OpenSSH_5.6p1 Debian-0ubuntu1
debug1: match: OpenSSH_5.6p1 Debian-0ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
<snip>
debug3: verify_host_key_dns
debug1: found 2 secure fingerprints in DNS
debug1: matching host key fingerprint found in DNS
debug2: bits set: 522/1024
debug1: ssh_rsa_verify: signature correct
<snip>
debug1: Next authentication method: password
karl at dsectest.corp.slide.com's password: 

karl at slap1:~/openssh-5.6p1$ /nail/home/karl/ssh/bin/ssh -vvv -o
VerifyHostKeyDNS=yes dsectest               
OpenSSH_5.6p1, OpenSSL 0.9.8k 25 Mar 2009
<snip>
debug2: ssh_connect: needpriv 0
debug1: Connecting to dsectest [10.13.0.133] port 22.
debug1: Connection established.
<snip>
debug1: Remote protocol version 2.0, remote software version
OpenSSH_5.6p1 Debian-0ubuntu1
debug1: match: OpenSSH_5.6p1 Debian-0ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
<snip>
debug3: verify_host_key_dns
DNS lookup error: name does not exist
<snip>
The authenticity of host 'dsectest (10.13.0.133)' can't be established.
RSA key fingerprint is c4:1c:08:b5:25:35:53:5b:cc:13:9c:e9:db:43:6c:6a.
No matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)?

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
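
The two transcripts above differ only in whether the host name given to ssh was fully qualified. The following Python is an added example, not part of the original bug comment or of OpenSSH: it classifies the VerifyHostKeyDNS outcome in an `ssh -v` transcript and, when the lookup failed for an unqualified name, lists the fully qualified names the resolv.conf search list would produce. The function names are hypothetical and the sample inputs are constructed by abridging the output quoted above.

```python
import re

# Constructed samples, abridged from the resolv.conf and ssh -vvv output above.
RESOLV_CONF = """domain corp.example.com
search corp.example.com
nameserver 10.13.0.133
options edns0
"""
LOG_FQDN = """debug1: Connecting to dsectest.corp.example.com [10.13.0.133] port 22.
debug3: verify_host_key_dns
debug1: found 2 secure fingerprints in DNS
debug1: matching host key fingerprint found in DNS
"""
LOG_SHORT = """debug1: Connecting to dsectest [10.13.0.133] port 22.
debug3: verify_host_key_dns
DNS lookup error: name does not exist
No matching host key fingerprint found in DNS.
"""

def search_domains(resolv_conf):
    """Return the resolver search list; the last 'search' or 'domain' line wins."""
    domains = []
    for line in resolv_conf.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "search":
            domains = fields[1:]
        elif len(fields) >= 2 and fields[0] == "domain":
            domains = fields[1:2]
    return domains

def classify(log):
    """Return (host, outcome) for one ssh -v transcript."""
    m = re.search(r"^debug1: Connecting to (\S+) \[", log, re.M)
    host = m.group(1) if m else None
    if "verify_host_key_dns" not in log:
        return host, "not-attempted"
    if re.search(r"^debug1: matching host key fingerprint found in DNS", log, re.M):
        return host, "match"
    if re.search(r"^DNS lookup error: ", log, re.M):
        return host, "lookup-error"
    return host, "no-match"

def report(log, resolv_conf):
    """Flag a failed SSHFP lookup on a short name and list FQDNs worth checking."""
    host, outcome = classify(log)
    candidates = []
    if outcome == "lookup-error" and host and "." not in host:
        candidates = [f"{host}.{d}" for d in search_domains(resolv_conf)]
    return {"host": host, "outcome": outcome, "fqdn_candidates": candidates}
```
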

