openssh bugs - May 2005 - [Bug 1039] Incomplete application of HostKeyAlias in ssh

http://bugzilla.mindrot.org/show_bug.cgi?id=1039

           Summary: Incomplete application of HostKeyAlias in ssh
           Product: Portable OpenSSH
           Version: 4.0p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: cdmclain at ll.mit.edu


When HostKeyAlias is specified, it is not used for the hostname in the
configuration file or for the default login prompt. This behavior is especially
problematic when local port forwarding of an SSH connection is being done. In
that case, "localhost" must be used as the hostname so it is
impossible to
distinguish one host from another.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1039





------- Additional Comments From cdmclain at ll.mit.edu  2005-05-13 03:28
-------
Created an attachment (id=911)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=911&action=view)
patch to use HostKeyAlias for the hostname

patch to use HostKeyAlias for the hostname when reading the configuration files
and logging into a remote host (modifies the default prompt).



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1039





------- Additional Comments From djm at mindrot.org  2005-05-13 07:37 -------
I'm not sure that this is a problem. You can already do:

Host something
        HostName localhost
        HostKeyAlias something

if you want to create "virtual" hosts that refer to the same hostname.
This works for localhost too:

Host something1
        HostName localhost
        Port 2222
        HostKeyAlias something1

Host something2
        HostName localhost
        Port 2223
        HostKeyAlias something2





------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1039





------- Additional Comments From cdmclain at ll.mit.edu  2005-05-13 08:08
-------
That seems to work for the config file (thanks!) but there is still problem with
the prompt.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1039


dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #911 is|0                           |1
           obsolete|                            |




------- Additional Comments From dtucker at zip.com.au  2005-05-16 17:12 -------
Created an attachment (id=915)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=915&action=view)
use HostKeyAlias as password prompt if set

This patch will do what you're looking for.  I'm not sure whether or not
it's
needed, though.

$ ./ssh -o hostkeyalias=foo localhost
dtucker at foo's password:




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1039


djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WONTFIX




------- Additional Comments From djm at mindrot.org  2005-06-03 12:18 -------
It is arguable as to whether it is better to show the real hostname or the
hostkeyalias hostname. I tend to think that the real hostname is more valuable
because:

a) HostKeyAlias may be a name that doesn't exist anywhere else, so it
doesn't
give you any more information. After all, you already know the alias name.

b) A real host name might provide information valuable in deciding whether to
accept host keys, etc. E.g. connecting over an aliased localhost SSH forwarding.

So, I think it is better to display the real hostname.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1039


cdmclain at ll.mit.edu changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WONTFIX                     |




------- Additional Comments From cdmclain at ll.mit.edu  2005-06-03 23:38
-------
In case b (and the SSH forwarding example), without the change, the
"real" host
name is "localhost". HostKeyAlias is used for looking up the key in
the HostKey
database (aka the known_hosts file) and thus should also be used for the prompt.
In case b, HostKeyAlias provides not only more information than the
"real"
hostname but the correct information.

Please reconsider your decision.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.