bugzilla-daemon at mindrot.org
2020-Nov-20 14:00 UTC
[Bug 3235] New: pubkey auth with dns name in from= filter in authorized keys not working on ip6-only hosts from dual-stack hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=3235
Bug ID: 3235
Summary: pubkey auth with dns name in from= filter in
authorized keys not working on ip6-only hosts from
dual-stack hosts
Product: Portable OpenSSH
Version: 8.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: m_langbe at cs.uni-kl.de
Created attachment 3456
--> https://bugzilla.mindrot.org/attachment.cgi?id=3456&action=edit
example settings
In case the host is ip6 only, and the originating host has ip6+ip4,
with the dns entry containing the ip4 address before the ip6 address,
no match is recognized, and public-key authentication fails.
I may be a general problem with multi-address dns entries, where only
the first one is used to compare with the connecting ip.
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Nov-20 14:01 UTC
[Bug 3235] pubkey auth with dns name in from= filter in authorized keys not working on ip6-only hosts from dual-stack hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=3235
Max Langbein <m_langbe at cs.uni-kl.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|8.4p1 |7.6p1
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Nov-20 14:25 UTC
[Bug 3235] pubkey auth with dns name in from= filter in authorized keys not working on ip6-only hosts from dual-stack hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=3235
Max Langbein <m_langbe at cs.uni-kl.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Version|7.6p1 |8.0p1
Hardware|Other |amd64
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Nov-22 23:10 UTC
[Bug 3235] pubkey auth with dns name in from= filter in authorized keys not working on ip6-only hosts from dual-stack hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=3235
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Does the ssh server in this case have UseDNS enabled? It's not on by
default.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2020-Nov-23 17:37 UTC
[Bug 3235] pubkey auth with dns name in from= filter in authorized keys not working on ip6-only hosts from dual-stack hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=3235
Max Langbein <m_langbe at cs.uni-kl.de> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |INVALID
Status|NEW |RESOLVED
--- Comment #2 from Max Langbein <m_langbe at cs.uni-kl.de> ---
You are right. Sorry for wasting your time, however, you helped me
finding my bug , so thank you very much :-)
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Mar-03 22:52 UTC
[Bug 3235] pubkey auth with dns name in from= filter in authorized keys not working on ip6-only hosts from dual-stack hosts
https://bugzilla.mindrot.org/show_bug.cgi?id=3235
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
close bugs that were resolved in OpenSSH 8.5 release cycle
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.