http://bugzilla.mindrot.org/show_bug.cgi?id=1248
Summary: bug with HostbasedUsesNameFromPacketOnly
Product: Portable OpenSSH
Version: 4.4p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucket@mindrot.org
ReportedBy: res@qoxp.net
The server-side hostbased authentication logic strips any trailing dot
from the hostname supplied in the authentication request, which makes
sense because no one will enter hostnames with trailing dots in their
known-hosts lists.
The option HostbasedUsesNameFromPacketOnly has sshd skip checking the
reverse-lookup name of the client IP address against the
client-supplied hostname. However, the current code also skips
removing the trailing dot, the result of which is that hostbased
authentication fails completely, unless you go and add dots to all your
hostnames in the known-hosts file.
I am including a patch to fix this behavior.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-bugs
Summary: bug with HostbasedUsesNameFromPacketOnly
Product: Portable OpenSSH
Version: 4.4p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucket@mindrot.org
ReportedBy: res@qoxp.net
The server-side hostbased authentication logic strips any trailing dot
from the hostname supplied in the authentication request, which makes
sense because no one will enter hostnames with trailing dots in their
known-hosts lists.
The option HostbasedUsesNameFromPacketOnly has sshd skip checking the
reverse-lookup name of the client IP address against the
client-supplied hostname. However, the current code also skips
removing the trailing dot, the result of which is that hostbased
authentication fails completely, unless you go and add dots to all your
hostnames in the known-hosts file.
I am including a patch to fix this behavior.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
http://lists.mindrot.org/mailman/listinfo/openssh-bugs