openssh bugs - Jun 2006 - [Bug 1194] .host is known, .00host isn't ... or is it?

http://bugzilla.mindrot.org/show_bug.cgi?id=1194

           Summary: .host is known, .00host isn't ... or is it?
           Product: Portable OpenSSH
           Version: 3.8.1p1
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: andrew.brennan at pobox.com


I've checked the reported bugs and there are similar notes, but nothing
that matched this specifically.  Host key verification seems to match
in known_hosts against what was entered, but the error message when
there is no match might be misunderstood when the destination was
entered as an IP address, using a non-standard (but legal) format.

~/.ssh/known_hosts might have a listing:

10.8.1.1 ssh-rsa AAAAB3Nza...

... but if you were to ssh to 10.8.001.001 you will see a notice like:

The authenticity of host '10.8.001.001 (10.8.1.1)' can't be
established.

... assuming that you don't also have 10.8.001.001 in your known_hosts.
 Making this match both the entered address and the () value might be a
solution, but it could well break something else.




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=1194





------- Comment #1 from dtucker at zip.com.au  2006-06-10 10:31 -------
Host key verification happens against whatever hostname the user enters
(or alternatively, whatever they specify with HostKeyAlias) and,
optionally, against the IP address which the hostname resolves to.

Why do you want to specify IP addresses with leading zeros anyway?  Do
you realise that on some platforms that will cause those components to
be interpretted as octal, so sometimes "10.0.0.10" !=
"10.0.0.010" ?




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.