[Bug 2074] Host key verification incorrectly handles IPv6 addresses
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Mar 8 11:42:58 EST 2013
https://bugzilla.mindrot.org/show_bug.cgi?id=2074
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 2226
--> https://bugzilla.mindrot.org/attachment.cgi?id=2226&action=edit
canonicalise hostnames that are actually addresses
Host names passed on the commandline are treated as names first and
addresses a distant second, which is why this doesn't behave the way
you might expect. The host key lookup is incredibly fiddly, but
generally prefers that you confirm a key that you maybe have seen
before over accepting it. Furthermore, localhost is a special case
again so it isn't the best address to test with.
That being said, the attached patch will attempt to canonicalise IP
addresses that are passed on the commandline. I'm not entirely sure
that we want this, but we are probably going to do some other sort of
canonicalisation sooner or later anyway so it might be worthwhile then
- I don't intend on committing it as-is.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list