bugzilla-daemon at mindrot.org
2003-Mar-27 09:34 UTC
[Bug 523] ssh saves only host/ip information in known_hosts while port information is missing
http://bugzilla.mindrot.org/show_bug.cgi?id=523

           Summary: ssh saves only host/ip information in known_hosts while port information is missing
           Product: Portable OpenSSH
           Version: 3.5p1
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: ssh
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: misiek at pld.org.pl

ssh saves only host/ip information in known_hosts while port information is missing.

When using masquerade I often use destination nat (DNAT) under Linux to allow connections from Internet to hosts behind masquerade like this:

    iptables -A PREROUTING -t nat -p tcp -d 12.12.12.12 --dport 11022 -j DNAT --to 172.16.100.4:22

That works very well but ssh doesn't save information about port and then when connecting to 12.12.12.12 port 22 or port 11022 (different sshd's)

    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @       WARNING: POSSIBLE DNS SPOOFING DETECTED!          @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    The RSA host key for some.host.pl has changed,
    and the key for the according IP address 12.12.12.12
    has a different value. This could either mean that
    DNS SPOOFING is happening or the IP address for the host
    and its host key have changed at the same time.
    Offending key for IP in /home/users/misiek/.ssh/known_hosts:79
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    @    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
    @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
    IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
    Someone could be eavesdropping on you right now (man-in-the-middle attack)!
    It is also possible that the RSA host key has just been changed.
    The fingerprint for the RSA key sent by the remote host is
    a6:64:aa:6c:da:af:b5:be:99:d3:fc:21:0b:84:47:7a.
    Please contact your system administrator.
    Add correct host key in /home/users/misiek/.ssh/known_hosts to get rid of this message.

That message is of course not correct since there are two different sshd (on different machines) using the same IP.

I think that solution would be to add port number information to known_hosts when it's different than default one (22). That maybe won't break compatibility with other ssh software and will avoid such problems like mine.

Is that proposition ok with you? (then I'll think about preparing patch :)

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
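The scheme proposed in the report above is the one OpenSSH later adopted: a host reached on a port other than 22 is stored and looked up under the name `[host]:port`, so two sshd's behind one IP get separate known_hosts entries and no longer trip the "REMOTE HOST IDENTIFICATION HAS CHANGED" warning. The following is an added example, not code from the report or from OpenSSH: a small Python known_hosts matcher that keys lookups on host and port, understands the plain, comma-separated and hashed (`|1|salt|hmac`) entry forms, and reports which line is "offending" when a key differs. The known_hosts content and the keys are constructed for the DNAT scenario described above (fake base64 blobs, not real host keys); the function names and the `Verdict` type are this example's own.

```python
"""Port-aware known_hosts lookup in the style OpenSSH adopted: entries for a
non-default port are written as "[host]:port". Added example, not OpenSSH code."""
import base64
import hashlib
import hmac
import re
from typing import List, NamedTuple

DEFAULT_PORT = 22


class Entry(NamedTuple):
    lineno: int
    patterns: List[str]   # comma-separated host patterns, or one "|1|salt|hash"
    keytype: str
    key: str              # base64 key blob


class Verdict(NamedTuple):
    status: str           # "ok", "unknown" or "mismatch"
    lines: List[int]      # offending known_hosts line numbers on mismatch


def host_pattern(host: str, port: int) -> str:
    """Name a host is stored under: bare for port 22, [host]:port otherwise."""
    return host if port == DEFAULT_PORT else f"[{host}]:{port}"


def hash_pattern(name: str, salt: bytes) -> str:
    """Hashed form |1|<salt>|<HMAC-SHA1(salt, name)> written with HashKnownHosts."""
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|" + base64.b64encode(salt).decode() + "|" + base64.b64encode(mac).decode()


def pattern_matches(pattern: str, name: str) -> bool:
    if pattern.startswith("|1|"):
        _, _, salt_b64, mac_b64 = pattern.split("|", 3)
        expected = hmac.new(base64.b64decode(salt_b64), name.encode(), hashlib.sha1).digest()
        return hmac.compare_digest(expected, base64.b64decode(mac_b64))
    # ssh host patterns know only '*' and '?'; '[' is literal (it delimits [host]:port),
    # so fnmatch (which treats '[' as a character class) must not be used here.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, name, re.IGNORECASE) is not None


def parse_known_hosts(text: str) -> List[Entry]:
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Blank lines, comments and @cert-authority/@revoked markers are skipped;
        # marker semantics are out of scope for this example.
        if not line or line.startswith("#") or line.startswith("@"):
            continue
        fields = line.split()
        if len(fields) < 3:
            continue
        hosts, keytype, key = fields[0], fields[1], fields[2]
        patterns = [hosts] if hosts.startswith("|1|") else hosts.split(",")
        entries.append(Entry(lineno, patterns, keytype, key))
    return entries


def find_keys(entries: List[Entry], host: str, port: int, keytype: str) -> List[Entry]:
    name = host_pattern(host, port)
    return [e for e in entries
            if e.keytype == keytype and any(pattern_matches(p, name) for p in e.patterns)]


def check_host_key(entries: List[Entry], host: str, port: int, keytype: str, key: str) -> Verdict:
    found = find_keys(entries, host, port, keytype)
    if not found:
        return Verdict("unknown", [])
    if any(e.key == key for e in found):
        return Verdict("ok", [])
    # Same name, different key: this is the situation that produces ssh's warning.
    return Verdict("mismatch", [e.lineno for e in found])


# Constructed sample data: opaque base64 blobs standing in for real host keys.
KEY_GATEWAY = base64.b64encode(b"constructed key of sshd on 12.12.12.12:22").decode()
KEY_INTERNAL = base64.b64encode(b"constructed key of sshd behind DNAT on 11022").decode()
KEY_THIRD = base64.b64encode(b"constructed key of a third host").decode()
_SALT = b"\x01" * 20   # constructed salt for the hashed entry

SAMPLE_KNOWN_HOSTS = "\n".join([
    "# constructed known_hosts for the DNAT scenario in the report",
    f"some.host.pl,12.12.12.12 ssh-rsa {KEY_GATEWAY}",
    f"[some.host.pl]:11022,[12.12.12.12]:11022 ssh-rsa {KEY_INTERNAL}",
    f"{hash_pattern('[10.0.0.5]:2222', _SALT)} ssh-rsa {KEY_THIRD}",
])

if __name__ == "__main__":
    entries = parse_known_hosts(SAMPLE_KNOWN_HOSTS)
    for host, port, key in [("12.12.12.12", 22, KEY_GATEWAY),
                            ("12.12.12.12", 11022, KEY_INTERNAL),
                            ("12.12.12.12", 22, KEY_INTERNAL)]:
        print(host, port, check_host_key(entries, host, port, "ssh-rsa", key))
```

With the port folded into the name, the gateway's key and the DNAT'd host's key both verify as "ok" under the same IP. The third lookup shows the 3.5p1 symptom: presenting the internal host's key under the port-blind name "12.12.12.12" is reported as a mismatch against line 2, which is the comparison the reporter's ssh was making for every port.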
bugzilla-daemon at mindrot.org
2003-Mar-27 10:35 UTC
[Bug 523] ssh saves only host/ip information in known_hosts while port information is missing
http://bugzilla.mindrot.org/show_bug.cgi?id=523

djm at mindrot.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |DUPLICATE

------- Additional Comments From djm at mindrot.org 2003-03-27 21:35 -------
Please check existing bug reports

*** This bug has been marked as a duplicate of 454 ***