Mailing List Archive

[Bug 689] Improper reverse IP lookup
http://bugzilla.mindrot.org/show_bug.cgi?id=689

Summary: Improper reverse IP lookup
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-bugs@mindrot.org
ReportedBy: berkvist@miser.umass.edu


When logging into my servers via SSH, the /var/messages log shows the following
message after a successful ssh login:

'Nasty PTR Record "dublin.miser.priv" is set for 10.168.1.25, ignoring'

Now, this is the correct local domain and IP for my laptop, and I _can_ get into
the server, but it shouldn't be complaining.

The full extent of the problem became obvious this morning - one of my users
attempted to ssh from one server to another (something he does on a daily basis).

His attempts were rejected, and the following was in the logs of the 2nd server:
'userauth_hostbased mismatch: client sends stratus.miser.umass.edu, but we
resolve 128.119.162.230 to 128.119.162.230'.

Oops! Instead of returning a name for the IP, it returns the IP again. Not
going to make reverse lookups possible with that procedure.

I think the problem lies in canohost.c - line 97. Possibly there's a bug in the
code. When checking the man page for getaddrinfo(), I see two problems with it.
One is that the first argument should be "ntop" instead of "name" and the other
is that the second argument should probably be NULL and instead it's a pointer
to a string containing the digit zero.

In the meantime, things will work but one extra check (doing a forward lookup
on the name returned by a reverse lookup on the address of the client) will not
be done.
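The two checks this report discusses, written as an added example that is not part of the original report and is not OpenSSH's `canohost.c`: a name returned by a reverse lookup is refused if it parses as a numeric address (`getaddrinfo()` with `AI_NUMERICHOST`, which sends no DNS query), and is otherwise accepted only if a forward lookup on it yields the peer's address. The names `parse_numeric`, `check_ptr` and `struct ipaddr` are hypothetical, and the `fwd[]` array is an assumption standing in for the forward-lookup answers so the code runs offline.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <netdb.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>

struct ipaddr { int family; unsigned char bytes[16]; };

/* Parse s strictly as a numeric IPv4/IPv6 address. AI_NUMERICHOST keeps
 * getaddrinfo() from doing any name resolution. Returns 1 on success. */
static int parse_numeric(const char *s, struct ipaddr *out)
{
    struct addrinfo hints, *ai;
    memset(&hints, 0, sizeof(hints));
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST;
    if (getaddrinfo(s, "0", &hints, &ai) != 0)
        return 0;
    memset(out, 0, sizeof(*out));
    out->family = ai->ai_family;
    if (ai->ai_family == AF_INET)
        memcpy(out->bytes, &((struct sockaddr_in *)ai->ai_addr)->sin_addr, 4);
    else
        memcpy(out->bytes, &((struct sockaddr_in6 *)ai->ai_addr)->sin6_addr, 16);
    freeaddrinfo(ai);
    return 1;
}

enum verdict { USE_NAME, NUMERIC_PTR, FORWARD_MISMATCH, BAD_PEER };

/* fwd[] holds the addresses a forward lookup on ptr_name returned
 * (constructed by the caller here instead of queried from DNS). */
enum verdict check_ptr(const char *peer_ip, const char *ptr_name,
                       const char *const *fwd, size_t nfwd)
{
    struct ipaddr peer, cand;
    size_t i;
    if (!parse_numeric(peer_ip, &peer))
        return BAD_PEER;
    if (parse_numeric(ptr_name, &cand))   /* PTR answer is itself an address */
        return NUMERIC_PTR;
    for (i = 0; i < nfwd; i++)            /* forward-confirm the name */
        if (parse_numeric(fwd[i], &cand) && memcmp(&peer, &cand, sizeof(peer)) == 0)
            return USE_NAME;
    return FORWARD_MISMATCH;
}
```

Only `USE_NAME` means the name may be used for host-based decisions; in every other case the caller should fall back to the numeric peer address.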


