Hi,
I just ran into an interesting problem with 3.0p1 on FreeBSD 4.0 and
IPv6/v4 mapped addresses.
If I do "ssh -v machine", where "machine" has an IPv4
address in the
DNS, everything works fine (machine is "hilbert.space.net"):
debug1: Connecting to hilbert [194.59.182.6] port 22.
...
Warning: This may be due to an old implementation of ssh.
debug1: Received server public key (767 bits) and host key (1024 bits).
The authenticity of host 'hilbert (194.59.182.6)' can't be
established.
RSA1 key fingerprint is c6:09:28:90:71:04:f8:0c:ca:6e:30:41:37:f2:76:ea.
Are you sure you want to continue connecting (yes/no)?
(I know that this machine should retire - it will, but that's not the
point). Everything is OK.
Now, if I do "ssh -v cname" where "cname" is a CNAME to the
same
machnie, the following happens:
$ ssh -v hilberto
OpenSSH_3.0p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Seeding random number generator
debug1: restore_uid
debug1: ssh_connect: getuid 0 geteuid 0 anon 0
debug1: Connecting to hilberto [::ffff:194.59.182.6] port 22.
debug1: Allocated local port 904.
(-> note the different address format!)
Warning: This may be due to an old implementation of ssh.
debug1: Received server public key (767 bits) and host key (1024 bits).
(-> so far, everything fine)
check_host_key: getnameinfo failed
debug1: Calling cleanup 0x8062b68(0x0)
*boom*.
Huh? OK. So I disable IPv6, and try again:
$ ssh -v -4 hilberto
OpenSSH_3.0p1, SSH protocols 1.5/2.0, OpenSSL 0x0090602f
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Seeding random number generator
debug1: restore_uid
debug1: ssh_connect: getuid 0 geteuid 0 anon 0
debug1: Connecting to hilberto [194.59.182.6] port 22.
...
debug1: Received server public key (768 bits) and host key (1024 bits).
The authenticity of host 'hilberto (194.59.182.6)' can't be
established.
RSA1 key fingerprint is c6:09:28:90:71:04:f8:0c:ca:6e:30:41:37:f2:76:ea.
Are you sure you want to continue connecting (yes/no)?
-> back to operation.
Unfortunately, I can't work around using CNAMEs in the specific
application ("cvs" use over SSH, and cvs-server being a CNAME onto the
actual box being used).
This leaves three interesting questions:
* why is it using IPv6/v4 mapped addresses when hitting a CNAME?
* why is this failing?
* is there a way to force "-4" from the ssh_config file? As
we're not
using IPv6 on that machine *yet*, this would be fine. Recompilation
would work, but would break machine consistency ("everything from the
same source tree with the same options").
As far as I can see, there is no way to force -4 / -6 from the config
file - or did I overlook something?
The client machine is running 4.0-STABLE-20000617.
regards,
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at
greenie.muc.de
fax: +49-89-35655025 gert.doering at
physik.tu-muenchen.de