Mailing List Archive

[Bug 3367] ssh-keyscan with non-22 port does not hash correct host
https://bugzilla.mindrot.org/show_bug.cgi?id=3367

James Z.M. Gao <gaozm55@gmail.com> changed:

What            |Removed                     |Added
----------------------------------------------------------------------------
Priority        |P5                          |P3

--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3367] ssh-keyscan with non-22 port does not hash correct host
https://bugzilla.mindrot.org/show_bug.cgi?id=3367

Damien Miller <djm@mindrot.org> changed:

What                  |Removed                     |Added
----------------------------------------------------------------------------
CC                    |                            |djm@mindrot.org, dtucker@dtucker.net
Assignee              |unassigned-bugs@mindrot.org |djm@mindrot.org
Attachment #3556 Flags|                            |ok?(dtucker@dtucker.net)

--- Comment #1 from Damien Miller <djm@mindrot.org> ---
Created attachment 3556
--> https://bugzilla.mindrot.org/attachment.cgi?id=3556&action=edit
pass the full [host]:port for hashing

[Bug 3367] ssh-keyscan with non-22 port does not hash correct host
https://bugzilla.mindrot.org/show_bug.cgi?id=3367

Damien Miller <djm@mindrot.org> changed:

What            |Removed                     |Added
----------------------------------------------------------------------------
Blocks          |                            |3353


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3353
[Bug 3353] Tracking bug for openssh-8.9

[Bug 3367] ssh-keyscan with non-22 port does not hash correct host
https://bugzilla.mindrot.org/show_bug.cgi?id=3367

Darren Tucker <dtucker@dtucker.net> changed:

What                  |Removed                     |Added
----------------------------------------------------------------------------
Attachment #3556 Flags|ok?(dtucker@dtucker.net)    |ok+

[Bug 3367] ssh-keyscan with non-22 port does not hash correct host
https://bugzilla.mindrot.org/show_bug.cgi?id=3367

--- Comment #2 from Damien Miller <djm@mindrot.org> ---
This has been committed and will be in OpenSSH 8.9 - thanks!

[Bug 3367] ssh-keyscan with non-22 port does not hash correct host
https://bugzilla.mindrot.org/show_bug.cgi?id=3367

--- Comment #3 from James Z.M. Gao <gaozm55@gmail.com> ---
Thanks very much.

@dtucker another minor issue of the KnownHosts matching of `ssh-keygen
-F` is that 'host' and '[host]:22' are not equivalent.


ssh-keyscan host > k.txt # output: host key-type ...

ssh-keyscan -p 22 host # also output: host key-type ...

ssh-keygen -f k.txt -F host # found hostkey as expected

ssh-keygen -f k.txt -F '[host]:22' # found nothing, whereas we should also match the same key as previous command

[Bug 3367] ssh-keyscan with non-22 port does not hash correct host
https://bugzilla.mindrot.org/show_bug.cgi?id=3367

--- Comment #4 from Damien Miller <djm@mindrot.org> ---
'host' and '[host]:22' aren't supposed to be equivalent - nothing in
OpenSSH should ever write '[host]:22'.

We deliberately avoid appending the port if it's the default because to
do so would multiply 2x the number of cases the search and hashing code
needs to consider. It's too much work for no practical gain.

[Bug 3367] ssh-keyscan with non-22 port does not hash correct host
https://bugzilla.mindrot.org/show_bug.cgi?id=3367

--- Comment #5 from James Z.M. Gao <gaozm55@gmail.com> ---
Yes, '[host]:22' should not be output to knownhosts. For matching a
host, the `hostport` in ssh-keygen should also remove the default 22
port, that is '[host]:22' --> 'host'. Then the matching time remains the
same, and meanwhile the matching logic is consistent with
generating.

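
Added example (not part of the original thread and not OpenSSH code): a Python sketch of hashed known_hosts matching, showing why an entry hashed over the bare host is not found when looking up [host]:port, and why '[host]:22' does not match an entry written as 'host' unless the lookup name is normalized as comment #5 proposes. The host example.test, port 2222 and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import os

DEFAULT_PORT = 22

def host_port(host, port=DEFAULT_PORT):
    """Name as written to known_hosts: bare host on port 22, else [host]:port."""
    return host if port in (0, DEFAULT_PORT) else f"[{host}]:{port}"

def normalize(name):
    """Hypothetical helper for the comment #5 proposal: '[host]:22' -> 'host'."""
    if name.startswith("[") and "]:" in name:
        host, _, port = name[1:].rpartition("]:")
        if port.isdigit() and int(port) == DEFAULT_PORT:
            return host
    return name

def hash_host(name, salt=None):
    """Hashed host field: |1|base64(salt)|base64(HMAC-SHA1(key=salt, msg=name))."""
    salt = salt or os.urandom(20)
    mac = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return "|1|%s|%s" % (base64.b64encode(salt).decode(),
                         base64.b64encode(mac).decode())

def matches(field, name):
    """Recompute the HMAC under the entry's own salt; compare in constant time."""
    parts = field.split("|")
    if len(parts) != 4 or parts[:2] != ["", "1"]:
        return False
    salt, want = base64.b64decode(parts[2]), base64.b64decode(parts[3])
    got = hmac.new(salt, name.encode(), hashlib.sha1).digest()
    return hmac.compare_digest(got, want)

def demo(host="example.test", port=2222):
    """Constructed host and port; returns the lookup result for each case."""
    bare = hash_host(host)                     # hashed without the port
    full = hash_host(host_port(host, port))    # hashed over [host]:port
    default = hash_host(host_port(host, 22))   # default port: bare host
    return {
        "bare entry, lookup [host]:port": matches(bare, host_port(host, port)),
        "full entry, lookup [host]:port": matches(full, host_port(host, port)),
        "default entry, lookup [host]:22": matches(default, f"[{host}]:22"),
        "default entry, normalized lookup": matches(default, normalize(f"[{host}]:22")),
    }

if __name__ == "__main__":
    for case, found in demo().items():
        print(f"{case}: {'found' if found else 'not found'}")
```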