[Bug 2041] New: Check for SSHFP when certificate is offered.
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Aug 31 19:48:08 EST 2012
https://bugzilla.mindrot.org/show_bug.cgi?id=2041
Priority: P5
Bug ID: 2041
Assignee: unassigned-bugs at mindrot.org
Summary: Check for SSHFP when certificate is offered.
Severity: enhancement
Classification: Unclassified
OS: All
Reporter: ondrej at caletka.cz
Hardware: All
Status: NEW
Version: 6.1p1
Component: ssh
Product: Portable OpenSSH
Created attachment 2185
--> https://bugzilla.mindrot.org/attachment.cgi?id=2185&action=edit
Check for SSHFP when certificate is offered.
When the sshd offers a certificate to client (which is default, when
such a certificate is configured), the client refuses to do a SSHFP
validation for the key embedded in the certificate.
This patch fixes this by dropping certificate for the purpose of
checking SSHFP records, yet retaining certificate for other checks if
SSHFP authentication fails. It is therefore possible to fall back to
certificate authentication when for instance client does not have a
DNSSEC-enabled connectivity.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list