bugzilla-daemon at bugzilla.mindrot.org
2010-Nov-04  00:52 UTC
[Bug 1296] VerifyHostKeyDNS default domain
https://bugzilla.mindrot.org/show_bug.cgi?id=1296
Karl P <barnaclebob at gmail.com> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |barnaclebob at gmail.com
            Version|5.1p1                       |5.6p1
             Status|CLOSED                      |REOPENED
         Resolution|FIXED                       |
--- Comment #4 from Karl P <barnaclebob at gmail.com> 2010-11-04 11:52:08 EST ---
While the comment says this bug is fixed, the commenter did not
provide any other info, so I cannot verify why this problem still exists
in 5.6p1.
Here is some output:
karl at slap1:~$ cat /etc/resolv.conf 
domain corp.example.com
search corp.example.com
nameserver 10.13.0.133
options edns0
karl at slap1:~/openssh-5.6p1$ /nail/home/karl/ssh/bin/ssh -vvv -o
VerifyHostKeyDNS=yes dsectest.corp.example.com
OpenSSH_5.6p1, OpenSSL 0.9.8k 25 Mar 2009
<snip>
debug2: ssh_connect: needpriv 0
debug1: Connecting to dsectest.corp.example.com [10.13.0.133] port 22.
debug1: Connection established.
<snip>
debug1: Remote protocol version 2.0, remote software version
OpenSSH_5.6p1 Debian-0ubuntu1
debug1: match: OpenSSH_5.6p1 Debian-0ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
<snip>
debug3: verify_host_key_dns
debug1: found 2 secure fingerprints in DNS
debug1: matching host key fingerprint found in DNS
debug2: bits set: 522/1024
debug1: ssh_rsa_verify: signature correct
<snip>
debug1: Next authentication method: password
karl at dsectest.corp.slide.com's password: 
karl at slap1:~/openssh-5.6p1$ /nail/home/karl/ssh/bin/ssh -vvv -o
VerifyHostKeyDNS=yes dsectest               
OpenSSH_5.6p1, OpenSSL 0.9.8k 25 Mar 2009
<snip>
debug2: ssh_connect: needpriv 0
debug1: Connecting to dsectest [10.13.0.133] port 22.
debug1: Connection established.
<snip>
debug1: Remote protocol version 2.0, remote software version
OpenSSH_5.6p1 Debian-0ubuntu1
debug1: match: OpenSSH_5.6p1 Debian-0ubuntu1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.6
<snip>
debug3: verify_host_key_dns
DNS lookup error: name does not exist
<snip>
The authenticity of host 'dsectest (10.13.0.133)' can't be
established.
RSA key fingerprint is c4:1c:08:b5:25:35:53:5b:cc:13:9c:e9:db:43:6c:6a.
No matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)?
-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
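The two transcripts above show the same host succeeding when named as dsectest.corp.example.com and failing with "name does not exist" when named as dsectest: the SSHFP query is sent for the bare name, without the resolver's search suffix. The following Python is an added illustration, not OpenSSH's code, of what applying the resolv.conf search list to the SSHFP owner name looks like, and of how an SSHFP digest is checked against a host key. The resolv.conf text, the host key blob and the SSHFP "zone" are all constructed stand-ins so it runs offline; the record code points are the RFC 4255/6594 values.

```python
import hashlib

# RFC 4255 / RFC 6594 code points for SSHFP records.
SSHFP_ALGORITHMS = {1: "ssh-rsa", 2: "ssh-dss", 3: "ecdsa", 4: "ssh-ed25519"}
SSHFP_FPTYPES = {1: "sha1", 2: "sha256"}

# Constructed resolv.conf text, modelled on the one quoted in the bug report.
RESOLV_CONF = """\
domain corp.example.com
search corp.example.com
nameserver 10.13.0.133
options edns0
"""

# Constructed stand-in for the server's public key blob (the base64-decoded
# part of its host key line). A real SSHFP digest covers exactly that blob.
HOST_KEY_BLOB = b"constructed-ssh-rsa-host-key-blob"

# Constructed, offline stand-in for the DNS zone: owner name -> SSHFP RRs as
# (algorithm, fptype, hex digest). Only the fully qualified name has records,
# which is the situation the debug output above shows.
SSHFP_ZONE = {
    "dsectest.corp.example.com.": [
        (1, 1, hashlib.sha1(HOST_KEY_BLOB).hexdigest()),
        (1, 2, hashlib.sha256(HOST_KEY_BLOB).hexdigest()),
    ],
    "stale.corp.example.com.": [
        (1, 1, hashlib.sha1(b"constructed-other-key-blob").hexdigest()),
    ],
}


def parse_search_list(resolv_conf_text):
    """Return the resolver search list; 'domain' and 'search' override each other, last one wins."""
    search = []
    for line in resolv_conf_text.splitlines():
        fields = line.split()
        if not fields or fields[0][0] in "#;":
            continue
        if fields[0] in ("domain", "search") and len(fields) > 1:
            search = fields[1:]
    return search


def candidate_names(host, search_list, ndots=1):
    """Owner names to try, in stub-resolver order: an absolute name as given; a
    relative name with at least `ndots` dots as-is first, otherwise suffixes first."""
    if host.endswith("."):
        return [host]
    with_suffix = [f"{host}.{suffix.rstrip('.')}." for suffix in search_list]
    as_is = [host + "."]
    return as_is + with_suffix if host.count(".") >= ndots else with_suffix + as_is


def lookup_sshfp(name, zone):
    """Look up one exact owner name; None models NXDOMAIN ('name does not exist')."""
    return zone.get(name if name.endswith(".") else name + ".")


def sshfp_matches(records, algorithm, key_blob):
    """True if any record for this key algorithm carries a digest of key_blob."""
    for alg, fptype, digest in records:
        if alg != algorithm or fptype not in SSHFP_FPTYPES:
            continue
        computed = hashlib.new(SSHFP_FPTYPES[fptype], key_blob).hexdigest()
        if computed == digest.lower():
            return True
    return False


def verify_host_key_dns(host, algorithm, key_blob, resolv_conf_text, zone):
    """Walk the search list the way the stub resolver would and check the first
    name that has SSHFP data. Returns (qualified_name, matched), or (None, False)
    when no candidate name exists at all."""
    for name in candidate_names(host, parse_search_list(resolv_conf_text)):
        records = lookup_sshfp(name, zone)
        if records is not None:
            return name, sshfp_matches(records, algorithm, key_blob)
    return None, False


if __name__ == "__main__":
    for host in ("dsectest.corp.example.com", "dsectest", "stale"):
        print(host,
              "bare lookup found records:", lookup_sshfp(host, SSHFP_ZONE) is not None,
              "| with search list:", verify_host_key_dns(host, 1, HOST_KEY_BLOB, RESOLV_CONF, SSHFP_ZONE))
```

The bare lookup of "dsectest" returns nothing, matching the "DNS lookup error: name does not exist" line, while the same name run through the search list resolves to dsectest.corp.example.com and matches. The "stale" entry shows the other failure mode a practitioner should expect: a name that exists but whose SSHFP digest does not match the presented key. In the real client, only DNSSEC-validated answers count as "secure fingerprints"; an unvalidated match still leaves the user at the yes/no prompt.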