thr3ads.net - openssh bugs - [Bug 2692] New: Hash does not include the port [Mar 2017]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at bugzilla.mindrot.org

2017-Mar-08 17:55 UTC

[Bug 2692] New: Hash does not include the port

https://bugzilla.mindrot.org/show_bug.cgi?id=2692

            Bug ID: 2692
           Summary: Hash does not include the port
           Product: Portable OpenSSH
           Version: 7.4p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-keyscan
          Assignee: unassigned-bugs at mindrot.org
          Reporter: josh.powers at canonical.com

This was reported to Ubuntu and I wanted to follow up with the openssh
maintainers as to the expected behavior to verify if this is in fact a
bug.

When running an ssh-keyscan with the -H option on a custom port the
port is not included in the hash and is in plain text. For example:
$ ssh-keyscan -H -p 2222 10.10.10.10
[|1|HASHED_IP]:2222 ssh-rsa MY_RSA_KEY

If however I run ssh-keygen without the -H and then come back with
ssh-keygen it will hash the port:
$ ssh-keyscan -p 2222 10.10.10.10 > ~/.ssh/authorized_keys
[10.10.10.10]:2222 ssh-rsa MY_RSA_KEY
$ ssh-keygen -H -f ~/.ssh/authorized_keys
$ cat ~/.ssh/authorized_keys
|1|HASHED_IP_AND_PORT ssh-rsa MY_RSA_KEY

Should ssh-keyscan also be hashing the port?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2017-Mar-10 02:42 UTC

head link

[Bug 2692] Hash does not include the port

https://bugzilla.mindrot.org/show_bug.cgi?id=2692

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org,
                   |                            |dtucker at zip.com.au
           Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
   Attachment #2956|                            |ok?(dtucker at zip.com.au)
              Flags|                            |

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Created attachment 2956
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2956&action=edit
include port in ssh-keyscan hash

ssh-keyscan is in error here. It's supposed to include the port in the
hash as ssh and ssh-keygen do.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2017-Mar-10 02:42 UTC

head link

[Bug 2692] Hash does not include the port

https://bugzilla.mindrot.org/show_bug.cgi?id=2692

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |2647


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2647
[Bug 2647] Tracking bug for OpenSSH 7.5 release
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2017-Mar-10 03:14 UTC

head link

[Bug 2692] Hash does not include the port

https://bugzilla.mindrot.org/show_bug.cgi?id=2692

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2956|ok?(dtucker at zip.com.au)     |ok+
              Flags|                            |

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2017-Mar-10 03:18 UTC

head link

[Bug 2692] Hash does not include the port

https://bugzilla.mindrot.org/show_bug.cgi?id=2692

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
           Severity|enhancement                 |minor
         Resolution|---                         |FIXED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Patch applied. This will be in OpenSSH 7.5, due soon.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2018-Apr-06 02:26 UTC

head link

[Bug 2692] Hash does not include the port

https://bugzilla.mindrot.org/show_bug.cgi?id=2692

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after release of OpenSSH 7.7.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

Reasonably Related Threads

Search for more reasonably related threads

openssh bugs - Mar 2017 - [Bug 2692] New: Hash does not include the port

[Bug 2692] New: Hash does not include the port

[Bug 2692] Hash does not include the port

[Bug 2692] Hash does not include the port

[Bug 2692] Hash does not include the port

[Bug 2692] Hash does not include the port

[Bug 2692] Hash does not include the port

Reasonably Related Threads