I am concerned about the code under the comment
/* Find canonic host name. */
in ssh.c. This replaces the hostname entered by the user with the
canonical name determined by getaddrinfo, causing the new name to
be used henceforth. This includes connecting to the host, and
finding its public key in a known_hosts file.
getaddrinfo seems (on Debian GNU/Linux 2.2, GNU libc 2.1.3) to look
up the IP address of the entered host then reverse look up the IP
address to get the canonical name. I think this means that my DNS
administrator can control the canonical name. So, if I have both
goodhost and badhost in my known_hosts file, and the DNS admin makes
badhost the canonical name of goodhost, ssh would successfully
connect me to badhost when I ask to connect to goodhost. (I realize
this applies only when I enter a host without dots, but that is only
a small consolation.) I would expect ssh to connect to badhost,
then complain about a key mismatch.
Am I just confused? Does the canonic host code serve any important
purpose? All in all, I would much rather that ssh always used the
public key for the host I literally type to verify the foreign host.
Andrew
PS. Please Cc: me on replies to the list.
--
Where is the innovation? Microsoft, mostly.
- Rob Pike, "Systems Software Research is Irrelevant"
http://www.cs.bell-labs.com/cm/cs/who/rob/utah2000.ps
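As an added illustration of the mismatch described in this message (this is not code from the post or from ssh), the following Python models the two possible known_hosts lookups on constructed data; KNOWN_HOSTS, SERVER_KEYS, HONEST_DNS, TAMPERED_DNS and the placeholder key strings are all constructed.

```python
# Added example: models the host-key lookup discussed in the message above.
# All data is constructed; this is not OpenSSH code and not the author's code.

# Constructed known_hosts contents: one distinct (placeholder) key per name.
KNOWN_HOSTS = {
    "goodhost": "ssh-rsa KEY_OF_GOODHOST",
    "badhost": "ssh-rsa KEY_OF_BADHOST",
}

# Constructed: the key that the server actually listening at each address presents.
SERVER_KEYS = {
    "192.0.2.1": KNOWN_HOSTS["goodhost"],
    "192.0.2.2": KNOWN_HOSTS["badhost"],
}

# Stand-ins for what getaddrinfo with AI_CANONNAME hands back:
#   typed name -> (address, canonical name).
# HONEST_DNS is the normal case; TAMPERED_DNS is the scenario from the message,
# where the resolver maps goodhost to badhost's address and canonical name.
HONEST_DNS = {"goodhost": ("192.0.2.1", "goodhost"), "badhost": ("192.0.2.2", "badhost")}
TAMPERED_DNS = {"goodhost": ("192.0.2.2", "badhost"), "badhost": ("192.0.2.2", "badhost")}


def resolve(typed, dns):
    """Model of the resolver call: returns (address, canonical name) for a typed name."""
    return dns[typed]


def verify_by_canonical_name(typed, dns):
    """Behaviour the message describes: the canonical name replaces the typed
    name before the known_hosts lookup, so the resolver decides which stored
    key the presented key is compared against."""
    address, canonical = resolve(typed, dns)
    return KNOWN_HOSTS.get(canonical) == SERVER_KEYS[address]


def verify_by_typed_name(typed, dns):
    """Behaviour the message asks for: the stored key is looked up under the
    name the user literally typed, so a resolver-supplied name cannot redirect
    the comparison."""
    address, _canonical = resolve(typed, dns)
    return KNOWN_HOSTS.get(typed) == SERVER_KEYS[address]


if __name__ == "__main__":
    for label, dns in (("honest", HONEST_DNS), ("tampered", TAMPERED_DNS)):
        print(label, "canonical-name check:", verify_by_canonical_name("goodhost", dns),
              "typed-name check:", verify_by_typed_name("goodhost", dns))
```

With the tampered table, the canonical-name check accepts badhost's key silently, while the typed-name check reports the key mismatch the message expects.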