bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-12 21:16 UTC
[Bug 2479] New: ssh-keyscan non-standard port broken
https://bugzilla.mindrot.org/show_bug.cgi?id=2479 Bug ID: 2479 Summary: ssh-keyscan non-standard port broken Product: Portable OpenSSH Version: 6.9p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh-keyscan Assignee: unassigned-bugs at mindrot.org Reporter: micah at riseup.net If one passes the -p option for a non-standard port to ssh-keyscan when using the -f option to pull hosts from a file, it results in a known_hosts entry that is incorrect: micah at muck$ cat /tmp/try 199.254.238.47 micah.riseup.net,199.254.238.47 micah at muck$ ssh-keyscan -t rsa -p 4422 -f /tmp/try > /tmp/known micah at muck$ cat /tmp/known [micah.riseup.net,199.254.238.47]:4422 ssh-rsa DATA It seems like putting a list of hostnames,ips inside of the [] doesn't work: micah at muck:dotfiles$ ssh -oUserKnownHostsFile=/tmp/known micah at micah.riseup.net -p 4422 The authenticity of host '[micah.riseup.net]:4422 ([199.254.238.47]:4422)' can't be established. RSA key fingerprint is SHA256:CbHIxWJjFKJk5V+G09XeiABqIRTooC646ZfSl7FRp2w. Are you sure you want to continue connecting (yes/no)? It should be constructed like this: [micah.riseup.net]:4422,[199.254.238.47]:4422 ssh-rsa DATA -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-23 02:36 UTC
[Bug 2479] ssh-keyscan non-standard port broken
https://bugzilla.mindrot.org/show_bug.cgi?id=2479 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED CC| |djm at mindrot.org, | |dtucker at zip.com.au Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org Attachment #2735| |ok?(dtucker at zip.com.au) Flags| | --- Comment #1 from Damien Miller <djm at mindrot.org> --- Created attachment 2735 --> https://bugzilla.mindrot.org/attachment.cgi?id=2735&action=edit expand each host name/address individually I think ssh-keyscan should expand the host list when the port number is non-default or host hashing is in use. The attached diff tries to do this: # 203.217.30.81:22 SSH-2.0-OpenSSH_7.1 fuyu.mindrot.org,203.217.30.81 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtNSRpUm2RRL2A1XPw2zFXg+t6zfAtuuDcC/M0mbwBgbwKkMAhv5diC22U5VOsmeSs8ufbuDVIZ5PL1jllbuvT5XSVwxTPiLaOHKnMLKtn97dlqWwW2SnC6Yn4zejJpIFw0+KcX+euJZhU7bqj7ocQ4To+igThYl2U1vTrpTImsz8I2OYzcA2523EbEsLlnxTEL813norSYj3jwUaUQN9iz3ybcuLk9XbwIazN2iXFU1mQP6tzJlUHjhVBXeM7gSsir4mJC72tYHoL+v9fUakFUEowXkJnmj+o8uNiNKFjQt66s23/HjQvujMzfYG0uV2yHwjsvWeo3h138HnHeo+5Q= [djm at demiurge openssh]$ ./ssh-keyscan -t rsa -p 2222 -f /tmp/x1 # 203.217.30.81:2222 SSH-2.0-OpenSSH_7.1 [fuyu.mindrot.org]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtNSRpUm2RRL2A1XPw2zFXg+t6zfAtuuDcC/M0mbwBgbwKkMAhv5diC22U5VOsmeSs8ufbuDVIZ5PL1jllbuvT5XSVwxTPiLaOHKnMLKtn97dlqWwW2SnC6Yn4zejJpIFw0+KcX+euJZhU7bqj7ocQ4To+igThYl2U1vTrpTImsz8I2OYzcA2523EbEsLlnxTEL813norSYj3jwUaUQN9iz3ybcuLk9XbwIazN2iXFU1mQP6tzJlUHjhVBXeM7gSsir4mJC72tYHoL+v9fUakFUEowXkJnmj+o8uNiNKFjQt66s23/HjQvujMzfYG0uV2yHwjsvWeo3h138HnHeo+5Q=[203.217.30.81]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtNSRpUm2RRL2A1XPw2zFXg+t6zfAtuuDcC/M0mbwBgbwKkMAhv5diC22U5VOsmeSs8ufbuDVIZ5PL1jllbuvT5XSVwxTPiLaOHKnMLKtn97dlqWwW2SnC6Yn4zejJpIFw0+KcX+euJZhU7bqj7ocQ4To+igThYl2U1vTrpTImsz8I2OYzcA2523EbEsLlnxTEL813norSYj3jwUaUQN9iz3ybcuLk9XbwIazN2iXFU1mQP6tzJlUHjhVBXeM7gSsir4mJC72tYHoL+v9fUakFUEowXkJnmj+o8uNiNKFjQt66s23/HjQvujMzfYG0uV2yHwjsvWeo3h138HnHeo+5Q= [djm at demiurge openssh]$ ./ssh-keyscan -t rsa -H -f /tmp/x1 # 203.217.30.81:22 SSH-2.0-OpenSSH_7.1 |1|ym8qXXurgjs0t6rZpJ9SkFLjnJU=|cIa7BLNfWuInKIvRxiHQtIkl6wA= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtNSRpUm2RRL2A1XPw2zFXg+t6zfAtuuDcC/M0mbwBgbwKkMAhv5diC22U5VOsmeSs8ufbuDVIZ5PL1jllbuvT5XSVwxTPiLaOHKnMLKtn97dlqWwW2SnC6Yn4zejJpIFw0+KcX+euJZhU7bqj7ocQ4To+igThYl2U1vTrpTImsz8I2OYzcA2523EbEsLlnxTEL813norSYj3jwUaUQN9iz3ybcuLk9XbwIazN2iXFU1mQP6tzJlUHjhVBXeM7gSsir4mJC72tYHoL+v9fUakFUEowXkJnmj+o8uNiNKFjQt66s23/HjQvujMzfYG0uV2yHwjsvWeo3h138HnHeo+5Q=|1|lxsMXgGpGeMPNR+9jLVBz9c26es=|LaJR3u29ThoOaekgMCVPTrQhVhU= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtNSRpUm2RRL2A1XPw2zFXg+t6zfAtuuDcC/M0mbwBgbwKkMAhv5diC22U5VOsmeSs8ufbuDVIZ5PL1jllbuvT5XSVwxTPiLaOHKnMLKtn97dlqWwW2SnC6Yn4zejJpIFw0+KcX+euJZhU7bqj7ocQ4To+igThYl2U1vTrpTImsz8I2OYzcA2523EbEsLlnxTEL813norSYj3jwUaUQN9iz3ybcuLk9XbwIazN2iXFU1mQP6tzJlUHjhVBXeM7gSsir4mJC72tYHoL+v9fUakFUEowXkJnmj+o8uNiNKFjQt66s23/HjQvujMzfYG0uV2yHwjsvWeo3h138HnHeo+5Q= # 203.217.30.81:2222 SSH-2.0-OpenSSH_7.1 [|1|SOCfZlLsozka+6Ib4TiIFPlBSVs=|xie/tboEBMz8az3tkmZ5Zmd0LdY=]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtNSRpUm2RRL2A1XPw2zFXg+t6zfAtuuDcC/M0mbwBgbwKkMAhv5diC22U5VOsmeSs8ufbuDVIZ5PL1jllbuvT5XSVwxTPiLaOHKnMLKtn97dlqWwW2SnC6Yn4zejJpIFw0+KcX+euJZhU7bqj7ocQ4To+igThYl2U1vTrpTImsz8I2OYzcA2523EbEsLlnxTEL813norSYj3jwUaUQN9iz3ybcuLk9XbwIazN2iXFU1mQP6tzJlUHjhVBXeM7gSsir4mJC72tYHoL+v9fUakFUEowXkJnmj+o8uNiNKFjQt66s23/HjQvujMzfYG0uV2yHwjsvWeo3h138HnHeo+5Q=[|1|WQ2HkjmJ9aS4cAswWlMu0b3Grrk=|TeVMzH5/XW1sVttL0652gM5rr2c=]:2222 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtNSRpUm2RRL2A1XPw2zFXg+t6zfAtuuDcC/M0mbwBgbwKkMAhv5diC22U5VOsmeSs8ufbuDVIZ5PL1jllbuvT5XSVwxTPiLaOHKnMLKtn97dlqWwW2SnC6Yn4zejJpIFw0+KcX+euJZhU7bqj7ocQ4To+igThYl2U1vTrpTImsz8I2OYzcA2523EbEsLlnxTEL813norSYj3jwUaUQN9iz3ybcuLk9XbwIazN2iXFU1mQP6tzJlUHjhVBXeM7gSsir4mJC72tYHoL+v9fUakFUEowXkJnmj+o8uNiNKFjQt66s23/HjQvujMzfYG0uV2yHwjsvWeo3h138HnHeo+5Q= -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-23 03:03 UTC
[Bug 2479] ssh-keyscan non-standard port broken
https://bugzilla.mindrot.org/show_bug.cgi?id=2479 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #2735|ok?(dtucker at zip.com.au) |ok+ Flags| | --- Comment #2 from Darren Tucker <dtucker at zip.com.au> --- Comment on attachment 2735 --> https://bugzilla.mindrot.org/attachment.cgi?id=2735 expand each host name/address individually>+ if (!key)style(9) says this should be tested against NULL since it's not a boolean.>+ return; >+ if (!hash_hostsDitto. otherwise ok. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2015-Oct-24 22:56 UTC
[Bug 2479] ssh-keyscan non-standard port broken
https://bugzilla.mindrot.org/show_bug.cgi?id=2479 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|ASSIGNED |RESOLVED Blocks| |2451 --- Comment #3 from Damien Miller <djm at mindrot.org> --- Patch applied - this will be in OpenSSH 7.2. Thanks! Referenced Bugs: https://bugzilla.mindrot.org/show_bug.cgi?id=2451 [Bug 2451] Bugs intended to be fixed in 7.2 -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2016-Aug-02 00:41 UTC
[Bug 2479] ssh-keyscan non-standard port broken
https://bugzilla.mindrot.org/show_bug.cgi?id=2479 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #4 from Damien Miller <djm at mindrot.org> --- Close all resolved bugs after 7.3p1 release -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
Possibly Parallel Threads
- [Bug 2521] New: subtract buffer size from computed rekey limit to avoid exceeding it
- X11forwarding yes: how to debug/setup after xauth fix
- [Bug 2537] New: add --version argument
- ssh-keyscan non-standard port broken
- OpenSSH Always Hangs When Connecting to Remote