http://bugzilla.mindrot.org/show_bug.cgi?id=910

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #920 is|0                           |1
           obsolete|                            |

------- Additional Comments From dtucker at zip.com.au 2005-08-09 23:09 -------
Created an attachment (id=946)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=946&action=view)
Implement port spec as per sshd(8) ListenAddress

Implement semantics proposed here:
http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=112317383118528

The following are valid hostname entries:
localhost
127.0.0.1
::1
localhost:222
127.0.0.1:222
[::1]:222

The first 3 should remain backward compatible with older versions and are written if possible. The syntax is compatible with the sshd(8) ListenAddress option (uses the same parser).

Only lightly tested here as it's late. Anyone interested in this please test. A better description for the man page would also be welcome.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
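The hostname entry syntax listed in the comment above, worked through as an added example; this is not code from the bug report, the attached patch, or OpenSSH. The function names are hypothetical, the default port is assumed to be 22, and "written if possible" is read here as "use the old bare form when the port is the default".

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEFAULT_PORT 22 /* assumption: standard SSH port */
/* Hypothetical helper, not OpenSSH code. Returns 0 on success, -1 if malformed. */
int parse_host_entry(const char *entry, char *host, size_t hostlen, int *port)
{
    const char *end, *portstr = NULL;
    size_t n;

    *port = DEFAULT_PORT;
    if (entry[0] == '[') {                          /* [host]:port */
        if ((end = strchr(entry, ']')) == NULL)
            return -1;
        n = (size_t)(end - entry) - 1;
        entry++;
        if (end[1] == ':')
            portstr = end + 2;
        else if (end[1] != '\0')
            return -1;
    } else if ((end = strchr(entry, ':')) != NULL && strchr(end + 1, ':') == NULL) {
        n = (size_t)(end - entry);                  /* exactly one colon: host:port */
        portstr = end + 1;
    } else {                                        /* bare name, IPv4 or IPv6 */
        n = strlen(entry);
    }
    if (n == 0 || n >= hostlen)
        return -1;
    memcpy(host, entry, n);
    host[n] = '\0';
    if (portstr != NULL) {
        char *ep;
        long p = strtol(portstr, &ep, 10);
        if (portstr[0] < '0' || portstr[0] > '9' || *ep != '\0' || p < 1 || p > 65535)
            return -1;
        *port = (int)p;
    }
    return 0;
}

/* Write an entry back: bare form on the default port (assumed reading of
 * "written if possible"), brackets only when the host itself contains ':'. */
int format_host_entry(const char *host, int port, char *out, size_t outlen)
{
    int v6 = strchr(host, ':') != NULL;
    int r = (port == DEFAULT_PORT) ? snprintf(out, outlen, "%s", host) :
        snprintf(out, outlen, "%s%s%s:%d", v6 ? "[" : "", host, v6 ? "]" : "", port);
    return (r < 0 || (size_t)r >= outlen) ? -1 : 0;
}
```

A bare IPv6 address is recognised by having more than one colon, which is why an IPv6 host with a non-default port needs the bracketed form.
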
http://bugzilla.mindrot.org/show_bug.cgi?id=910

------- Additional Comments From senthilkumar_sen at hotpop.com 2005-09-06 20:47 -------
Created an attachment (id=954)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=954&action=view)
Debug traces of sshd and ssh

When I tested the patch against OpenSSH 4.2p1 the ssh client coredumps. The debug traces are attached. This happens in hpux.
http://bugzilla.mindrot.org/show_bug.cgi?id=910

------- Additional Comments From jherek at gmail.com 2005-09-09 21:33 -------
Let me add to the voice of support for including ports into the known_hosts file (it's unclear to me from reading the comments as to whether there is an intent to put it into the distribution or whether it will remain a patch).

There are many perfectly legitimate situations in which multiple ssh ports are open on different ports, and there is no reason why they should all have the same "host key". In fact, the name "host key" presupposes, without much good evidence, that "host" is the appropriate administrative unit for security; let's call it a "service key", and then it's obvious that it should be stored under both host and port.

I understand that the maintainers are concerned about spoofing, but the scenarios that would lead to that strike me as unlikely. In contrast, the current situation causes everybody to constantly delete keys from known_hosts, which really creates the potential for man-in-the-middle attacks. The problem is exacerbated by the poor documentation of this problem in the ssh manual page.
http://bugzilla.mindrot.org/show_bug.cgi?id=910

------- Additional Comments From djm at mindrot.org 2005-09-09 21:39 -------
additional voices don't matter, test reports for the patch.