Displaying 2 results from an estimated 2 matches for "secnorth".
2015 Nov 19
27
[Bug 2501] New: VerifyHostKeyDNS & StrictHostKeyChecking
...hecking
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: thorduri at secnorth.net
Created attachment 2753
--> https://bugzilla.mindrot.org/attachment.cgi?id=2753&action=edit
Two patches for the above.
When SSHFP RR is missing (while there are records available) ssh does
not
distinguish between these two, leading to confusing error messages,
that
is the "norma...
2015 Nov 18
2
Missing SSHFP RRs / VerifyHostKeyDNS & StrictHostKeyChecking
Y'all,
Currently (OpenSSH_7.1p1) no distinction is made between when an SSHFP
RR is missing
from the result set (rather then being empty), which can lead to
confusing error messages,
(the "normal" warn_changed_key() blurb is emitted) e.g. when the
presented host key and
known hosts both match but there is no matching RR.
Further, if VerifyHostKeyDNS and StrictHostKeyChecking are