bugzilla-daemon at mindrot.org
2015-Feb-23 17:59 UTC
[Bug 2359] New: [PATCH] Allow HostKeyAlias to be used in hostname check against certificate principal
https://bugzilla.mindrot.org/show_bug.cgi?id=2359 Bug ID: 2359 Summary: [PATCH] Allow HostKeyAlias to be used in hostname check against certificate principal Product: Portable OpenSSH Version: 6.7p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: charles at dyfis.net Created attachment 2555 --> https://bugzilla.mindrot.org/attachment.cgi?id=2555&action=edit First-draft proposed patch At present, a SSH certificate signed with the name of a round-robin pool can't be used to authenticate a single, specific host within that pool, if logging into it directly. Likewise, if DNS is temporarily unavailable, one cannot log into a system secured by a host certificate by IP unless its IP address is listed as a principal. I propose to address this by allowing a a name passed in the HostKeyAlias option to match a system's principal name in the same manner, and using the same logic, as presently used for the name used for the actual lookup and connection. Proposed on mailing list at http://lists.mindrot.org/pipermail/openssh-unix-dev/2015-February/033443.html. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Feb-10 06:31 UTC
[Bug 2359] [PATCH] Allow HostKeyAlias to be used in hostname check against certificate principal
https://bugzilla.mindrot.org/show_bug.cgi?id=2359 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2782 CC| |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> --- Look at this for release Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=2782 [Bug 2782] Tracking bug for OpenSSH 7.7 release -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Apr-06 03:09 UTC
[Bug 2359] [PATCH] Allow HostKeyAlias to be used in hostname check against certificate principal
https://bugzilla.mindrot.org/show_bug.cgi?id=2359 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |2852 Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=2852 [Bug 2852] Tracking bug for OpenSSH 7.8 release -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-Apr-06 03:12 UTC
[Bug 2359] [PATCH] Allow HostKeyAlias to be used in hostname check against certificate principal
https://bugzilla.mindrot.org/show_bug.cgi?id=2359 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks|2782 | --- Comment #2 from Damien Miller <djm at mindrot.org> --- Move to OpenSSH 7.8 tracking bug Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=2782 [Bug 2782] Tracking bug for OpenSSH 7.7 release -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-May-11 03:41 UTC
[Bug 2359] [PATCH] Allow HostKeyAlias to be used in hostname check against certificate principal
https://bugzilla.mindrot.org/show_bug.cgi?id=2359 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2555|application/octet-stream |text/plain mime type| | Attachment #2555|0 |1 is patch| | -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2018-May-11 03:49 UTC
[Bug 2359] [PATCH] Allow HostKeyAlias to be used in hostname check against certificate principal
https://bugzilla.mindrot.org/show_bug.cgi?id=2359 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |DUPLICATE --- Comment #3 from Damien Miller <djm at mindrot.org> --- *** This bug has been marked as a duplicate of bug 2728 *** -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Apr-23 04:56 UTC
[Bug 2359] [PATCH] Allow HostKeyAlias to be used in hostname check against certificate principal
https://bugzilla.mindrot.org/show_bug.cgi?id=2359 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #4 from Damien Miller <djm at mindrot.org> --- closing resolved bugs as of 8.6p1 release -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
Reasonably Related Threads
- Proposal: Allow HostKeyAlias to be used in hostname check against certificate principal.
- [Bug 2728] New: HostKeyAlias not respected for certificate authority host key validation
- [Bug 1039] Incomplete application of HostKeyAlias in ssh
- [Bug 1039] Incomplete application of HostKeyAlias in ssh
- [Bug 2719] New: Notify user, when ssh transport process dies.