bugzilla-daemon at mindrot.org
2015-Feb-23 17:59 UTC
[Bug 2359] New: [PATCH] Allow HostKeyAlias to be used in hostname check against certificate principal
https://bugzilla.mindrot.org/show_bug.cgi?id=2359
Bug ID: 2359
Summary: [PATCH] Allow HostKeyAlias to be used in hostname
check against certificate principal
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: charles at dyfis.net
Created attachment 2555
--> https://bugzilla.mindrot.org/attachment.cgi?id=2555&action=edit
First-draft proposed patch
At present, a SSH certificate signed with the name of a round-robin
pool can't be used to authenticate a single, specific host within that
pool, if logging into it directly. Likewise, if DNS is temporarily
unavailable, one cannot log into a system secured by a host certificate
by IP unless its IP address is listed as a principal.
I propose to address this by allowing a a name passed in the
HostKeyAlias option to match a system's principal name in the same
manner, and using the same logic, as presently used for the name used
for the actual lookup and connection.
Proposed on mailing list at
http://lists.mindrot.org/pipermail/openssh-unix-dev/2015-February/033443.html.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Feb-10 06:31 UTC
[Bug 2359] [PATCH] Allow HostKeyAlias to be used in hostname check against certificate principal
https://bugzilla.mindrot.org/show_bug.cgi?id=2359
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2782
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Look at this for release
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2782
[Bug 2782] Tracking bug for OpenSSH 7.7 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Apr-06 03:09 UTC
[Bug 2359] [PATCH] Allow HostKeyAlias to be used in hostname check against certificate principal
https://bugzilla.mindrot.org/show_bug.cgi?id=2359
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |2852
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2852
[Bug 2852] Tracking bug for OpenSSH 7.8 release
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Apr-06 03:12 UTC
[Bug 2359] [PATCH] Allow HostKeyAlias to be used in hostname check against certificate principal
https://bugzilla.mindrot.org/show_bug.cgi?id=2359
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks|2782 |
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Move to OpenSSH 7.8 tracking bug
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=2782
[Bug 2782] Tracking bug for OpenSSH 7.7 release
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-May-11 03:41 UTC
[Bug 2359] [PATCH] Allow HostKeyAlias to be used in hostname check against certificate principal
https://bugzilla.mindrot.org/show_bug.cgi?id=2359
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2555|application/octet-stream |text/plain
mime type| |
Attachment #2555|0 |1
is patch| |
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-May-11 03:49 UTC
[Bug 2359] [PATCH] Allow HostKeyAlias to be used in hostname check against certificate principal
https://bugzilla.mindrot.org/show_bug.cgi?id=2359
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |DUPLICATE
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
*** This bug has been marked as a duplicate of bug 2728 ***
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 04:56 UTC
[Bug 2359] [PATCH] Allow HostKeyAlias to be used in hostname check against certificate principal
https://bugzilla.mindrot.org/show_bug.cgi?id=2359
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
Apparently Analagous Threads
- Proposal: Allow HostKeyAlias to be used in hostname check against certificate principal.
- [Bug 2728] New: HostKeyAlias not respected for certificate authority host key validation
- [Bug 1039] Incomplete application of HostKeyAlias in ssh
- [Bug 1039] Incomplete application of HostKeyAlias in ssh
- [Bug 2719] New: Notify user, when ssh transport process dies.