search for: secnorth

...hecking Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: thorduri at secnorth.net Created attachment 2753 --> https://bugzilla.mindrot.org/attachment.cgi?id=2753&action=edit Two patches for the above. When SSHFP RR is missing (while there are records available) ssh does not distinguish between these two, leading to confusing error messages, that is the "norma...

Y'all, Currently (OpenSSH_7.1p1) no distinction is made between when an SSHFP RR is missing from the result set (rather then being empty), which can lead to confusing error messages, (the "normal" warn_changed_key() blurb is emitted) e.g. when the presented host key and known hosts both match but there is no matching RR. Further, if VerifyHostKeyDNS and StrictHostKeyChecking are